Every single route responds with nginx 404

showtimezz · November 20, 2025, 11:08am

Hi!

I’ve recently come across this issue with issuing Let’s Encrypt certificates with my domains → [Bug] · Issue #5118 · hestiacp/hestiacp · GitHub . I’ve followed along with the author proposed fix and still couldn’t issue SSLs. After that I figured maybe we’re using a different version, let me try updating the version by following this thread → How do I see what version of 1.2 I am on, and How to I update - #2 by eris .

After that, Hestia seems to have upgraded successfully, but every single route on my server is currently responding with 404s. Some example URL’s that are all running on the same server:

https://dragana.me as well as https://marinkovicvuk.com.

I am more than happy to provide any and all logs, however I am not sure what exactly to start with initially. So, here is everything I though relevant to the issue I’m facing:

/etc/nginx/nginx.conf

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log debug;
pid        /run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
   
}

Output of nginx -T

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log debug;
pid        /run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
   
}

# configuration file /etc/nginx/mime.types:

types {
    text/html                                        html htm shtml;
    text/css                                         css;
    text/xml                                         xml;
    image/gif                                        gif;
    image/jpeg                                       jpeg jpg;
    application/javascript                           js;
    application/atom+xml                             atom;
    application/rss+xml                              rss;

    text/mathml                                      mml;
    text/plain                                       txt;
    text/vnd.sun.j2me.app-descriptor                 jad;
    text/vnd.wap.wml                                 wml;
    text/x-component                                 htc;

    image/avif                                       avif;
    image/png                                        png;
    image/svg+xml                                    svg svgz;
    image/tiff                                       tif tiff;
    image/vnd.wap.wbmp                               wbmp;
    image/webp                                       webp;
    image/x-icon                                     ico;
    image/x-jng                                      jng;
    image/x-ms-bmp                                   bmp;

    font/woff                                        woff;
    font/woff2                                       woff2;

    application/java-archive                         jar war ear;
    application/json                                 json;
    application/mac-binhex40                         hqx;
    application/msword                               doc;
    application/pdf                                  pdf;
    application/postscript                           ps eps ai;
    application/rtf                                  rtf;
    application/vnd.apple.mpegurl                    m3u8;
    application/vnd.google-earth.kml+xml             kml;
    application/vnd.google-earth.kmz                 kmz;
    application/vnd.ms-excel                         xls;
    application/vnd.ms-fontobject                    eot;
    application/vnd.ms-powerpoint                    ppt;
    application/vnd.oasis.opendocument.graphics      odg;
    application/vnd.oasis.opendocument.presentation  odp;
    application/vnd.oasis.opendocument.spreadsheet   ods;
    application/vnd.oasis.opendocument.text          odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                     pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                     xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                     docx;
    application/vnd.wap.wmlc                         wmlc;
    application/wasm                                 wasm;
    application/x-7z-compressed                      7z;
    application/x-cocoa                              cco;
    application/x-java-archive-diff                  jardiff;
    application/x-java-jnlp-file                     jnlp;
    application/x-makeself                           run;
    application/x-perl                               pl pm;
    application/x-pilot                              prc pdb;
    application/x-rar-compressed                     rar;
    application/x-redhat-package-manager             rpm;
    application/x-sea                                sea;
    application/x-shockwave-flash                    swf;
    application/x-stuffit                            sit;
    application/x-tcl                                tcl tk;
    application/x-x509-ca-cert                       der pem crt;
    application/x-xpinstall                          xpi;
    application/xhtml+xml                            xhtml;
    application/xspf+xml                             xspf;
    application/zip                                  zip;

    application/octet-stream                         bin exe dll;
    application/octet-stream                         deb;
    application/octet-stream                         dmg;
    application/octet-stream                         iso img;
    application/octet-stream                         msi msp msm;

    audio/midi                                       mid midi kar;
    audio/mpeg                                       mp3;
    audio/ogg                                        ogg;
    audio/x-m4a                                      m4a;
    audio/x-realaudio                                ra;

    video/3gpp                                       3gpp 3gp;
    video/mp2t                                       ts;
    video/mp4                                        mp4;
    video/mpeg                                       mpeg mpg;
    video/quicktime                                  mov;
    video/webm                                       webm;
    video/x-flv                                      flv;
    video/x-m4v                                      m4v;
    video/x-mng                                      mng;
    video/x-ms-asf                                   asx asf;
    video/x-ms-wmv                                   wmv;
    video/x-msvideo                                  avi;
}

# configuration file /etc/nginx/conf.d/01_caching_pool.conf:

# configuration file /etc/nginx/conf.d/0rtt-anti-replay.conf:
# Implement TLS 1.3 0-RTT anti-replay for NGINX
# Requires: NGINX directive "ssl_early_data" on
# Usage:
# Make sure these "map" blocks are included in "http" block
# Put the following two lines in SSL "server" block, before any "location" blocks
# if ($anti_replay = 307) { return 307 https://$host$request_uri; }
# if ($anti_replay = 425) { return 425; }
# Pass "Early-Data" header to backend/upstream
# Only for 0-RTT requests from clients that understand 425 status code (RFC 8470)
# fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
# proxy_set_header Early-Data $rfc_early_data;
# Copyright © myrevery
# Copyright © 7677333 (An anagram of a Anonymous Cybersecurity Research Team)
map "$request_method:$is_args" $ar_idempotent {
	default                              0;
	"~^GET:$|^(HEAD|OPTIONS|TRACE):\?*$" 1;
}

map $http_user_agent $ar_support_425 {
	default                                           0;
	"~Firefox/((58|59)|([6-9]\d)|([1-9]\d{2,}))\.\d+" 1;
}

map "$ssl_early_data:$ar_idempotent:$ar_support_425" $anti_replay {
	1:0:0 307;
	1:0:1 425;
}

map "$ssl_early_data:$ar_support_425" $rfc_early_data {
	1:1 1;
}
# configuration file /etc/nginx/conf.d/188.245.167.88.conf:
server {
	listen 188.245.167.88:80 default_server;
	server_name _;
	access_log off;
	error_log /dev/null;

	location / {
		proxy_pass http://188.245.167.88:8080;
   }
}

server {
	listen 188.245.167.88:443 default_server ssl;
	server_name _;
	access_log off;
	error_log /dev/null;

	ssl_certificate     /usr/local/hestia/ssl/certificate.crt;
	ssl_certificate_key /usr/local/hestia/ssl/certificate.key;

	return 301 http://$host$request_uri;

	location / {
		root /var/www/document_errors/;
	}

	location /error/ {
		alias /var/www/document_errors/;
	}
}

# configuration file /etc/nginx/conf.d/agents.conf:
map $http_user_agent $mobile_request {
	default                      desktopversion;
	"~*ipad"                     mobileversion;
	"~*android.*mobile"          mobileversion;
	"~*iphone"                   mobileversion;
	"~*ipod.*mobile"             mobileversion;
	"~*BlackBerry*Mobile Safari" mobileversion;
	"~*BB*Mobile Safari"         mobileversion;
	"~*Opera.*Mini/7"            mobileversion;
	"~*IEMobile/10.*Touch"       mobileversion;
	"~*IEMobile/11.*Touch"       mobileversion;
	"~*IEMobile/7.0"             mobileversion;
	"~*IEMobile/9.0"             mobileversion;
	"~*Firefox.*Mobile"          mobileversion;
	"~*webOS"                    mobileversion;
}
# configuration file /etc/nginx/conf.d/http2-directive.conf:
http2 on;

# configuration file /etc/nginx/conf.d/status.conf:
server {
	listen                  127.0.0.1:8084 default_server;
	server_name             _;
	server_name_in_redirect off;

	location / {
		stub_status on;
		access_log  off;
		error_log   /dev/null;
	}
}

nginx.conf for one of the affected domains, located in: /home//conf/web/dragana.me


#=========================================================================#
# Default Web Domain Template                                             #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
# https://hestiacp.com/docs/server-administration/web-templates.html      #
#=========================================================================#

server {
	listen      188.245.167.88:80;
	server_name dragana.me www.dragana.me;
	error_log   /var/log/apache2/domains/dragana.me.error.log error;

	include /home/showtimezz/conf/web/dragana.me/nginx.forcessl.conf*;

	location ~ /\.(?!well-known\/|file) {
		deny all;
		return 404;
	}

	location / {
		proxy_pass http://188.245.167.88:8080;

		location ~* ^.+\.(css|htm|html|js|mjs|json|xml|apng|avif|bmp|cur|gif|ico|jfif|jpg|jpeg|pjp|pjpeg|png|svg|tif|tiff|webp|aac|caf|flac|m4a|midi|mp3|ogg|opus|wav|3gp|av1|avi|m4v|mkv|mov|mpg|mpeg|mp4|mp4v|webm|otf|ttf|woff|woff2|doc|docx|odf|odp|ods|odt|pdf|ppt|pptx|rtf|txt|xls|xlsx|7z|bz2|gz|rar|tar|tgz|zip|apk|appx|bin|dmg|exe|img|iso|jar|msi|webmanifest)$ {
			try_files  $uri @fallback;

			root       /home/showtimezz/web/dragana.me/public_html;
			access_log /var/log/apache2/domains/dragana.me.log combined;
			access_log /var/log/apache2/domains/dragana.me.bytes bytes;

			expires    max;
		}
	}

	location @fallback {
		proxy_pass http://188.245.167.88:8080;
	}

	location /error/ {
		alias /home/showtimezz/web/dragana.me/document_errors/;
	}

	include /home/showtimezz/conf/web/dragana.me/nginx.conf_*;
}

Output for v-list-sys-nginx-config :

worker_processes    auto
worker_connections  1024
#gzip               on
config_path         /etc/nginx/nginx.conf

nginx error log:

2025/11/20 10:52:30 [notice] 48822#48822: signal 17 (SIGCHLD) received from 55430
2025/11/20 10:52:30 [notice] 48822#48822: worker process 55430 exited with code 0
2025/11/20 10:52:30 [notice] 48822#48822: signal 29 (SIGIO) received
2025/11/20 10:52:30 [notice] 48822#48822: signal 17 (SIGCHLD) received from 55431
2025/11/20 10:52:30 [notice] 48822#48822: worker process 55431 exited with code 0
2025/11/20 10:52:30 [notice] 48822#48822: signal 29 (SIGIO) received
2025/11/20 10:52:30 [notice] 48822#48822: signal 17 (SIGCHLD) received from 55433
2025/11/20 10:52:30 [notice] 48822#48822: worker process 55433 exited with code 0
2025/11/20 10:52:30 [notice] 48822#48822: worker process 55432 exited with code 0
2025/11/20 10:52:30 [notice] 48822#48822: signal 29 (SIGIO) received
2025/11/20 10:52:30 [notice] 48822#48822: signal 17 (SIGCHLD) received from 55432
2025/11/20 10:52:59 [notice] 48822#48822: signal 15 (SIGTERM) received from 65946, exiting
2025/11/20 10:52:59 [notice] 65393#65393: exiting
2025/11/20 10:52:59 [notice] 65395#65395: exiting
2025/11/20 10:52:59 [notice] 65394#65394: exiting
2025/11/20 10:52:59 [notice] 65396#65396: exiting
2025/11/20 10:52:59 [notice] 65393#65393: exit
2025/11/20 10:52:59 [notice] 65395#65395: exit
2025/11/20 10:52:59 [notice] 65394#65394: exit
2025/11/20 10:52:59 [notice] 65396#65396: exit
2025/11/20 10:52:59 [notice] 48822#48822: signal 15 (SIGTERM) received from 1, exiting
2025/11/20 10:52:59 [notice] 65396#65396: signal 15 (SIGTERM) received from 1, exiting
2025/11/20 10:52:59 [notice] 48822#48822: signal 17 (SIGCHLD) received from 65393
2025/11/20 10:52:59 [notice] 48822#48822: worker process 65393 exited with code 0
2025/11/20 10:52:59 [notice] 48822#48822: signal 29 (SIGIO) received
2025/11/20 10:52:59 [notice] 48822#48822: signal 17 (SIGCHLD) received from 65394
2025/11/20 10:52:59 [notice] 48822#48822: worker process 65394 exited with code 0
2025/11/20 10:52:59 [notice] 48822#48822: signal 29 (SIGIO) received
2025/11/20 10:52:59 [notice] 48822#48822: signal 17 (SIGCHLD) received from 65395
2025/11/20 10:52:59 [notice] 48822#48822: worker process 65395 exited with code 0
2025/11/20 10:52:59 [notice] 48822#48822: signal 29 (SIGIO) received
2025/11/20 10:52:59 [notice] 48822#48822: signal 17 (SIGCHLD) received from 65396
2025/11/20 10:52:59 [notice] 48822#48822: worker process 65396 exited with code 0
2025/11/20 10:52:59 [notice] 48822#48822: exit
2025/11/20 10:52:59 [notice] 65948#65948: using the "epoll" event method
2025/11/20 10:52:59 [notice] 65948#65948: nginx/1.29.3
2025/11/20 10:52:59 [notice] 65948#65948: built by gcc 13.3.0 (Ubuntu 13.3.0-6ubuntu2~24.04) 
2025/11/20 10:52:59 [notice] 65948#65948: OS: Linux 6.8.0-87-generic
2025/11/20 10:52:59 [notice] 65948#65948: getrlimit(RLIMIT_NOFILE): 1024:524288
2025/11/20 10:52:59 [notice] 65950#65950: start worker processes
2025/11/20 10:52:59 [notice] 65950#65950: start worker process 65951
2025/11/20 10:52:59 [notice] 65950#65950: start worker process 65952
2025/11/20 10:52:59 [notice] 65950#65950: start worker process 65953
2025/11/20 10:52:59 [notice] 65950#65950: start worker process 65954

I’ve tried running the CLI commands to rebuild the domains, add the web domains, rebuild system settings, etc, none of them seem to make a difference.

I’d be more than happy to provide anything else anyone might need, and I deeply appreciate anyone that lends me a hand in this. Thank you.

sahsanu · November 20, 2025, 12:16pm

Hi,

The /etc/nginx/nginx.conf is not the right one used by Hestia so looks it has been overwritten when upgrading the nginx package.

Before trying to fix it, show the output of these commands:

ls -l /etc/nginx/
ls -l /etc/nginx/conf.d/

showtimezz · November 20, 2025, 1:06pm

Hi @sahsanu - Thank you for your quick reply.

As requested, output of: ls -l /etc/nginx/

total 44
drwxr-xr-x 4 root root 4096 Nov 19 12:42 conf.d
-rw-r--r-- 1 root root 1007 Feb  5  2025 fastcgi_params
-rw-r--r-- 1 root root 5349 Feb  5  2025 mime.types
lrwxrwxrwx 1 root root   22 Feb  5  2025 modules -> /usr/lib/nginx/modules
drwxr-xr-x 2 root root 4096 Apr  5  2025 modules-enabled
-rw-r--r-- 1 root root  647 Nov 20 10:38 nginx.conf
-rw-r--r-- 1 root root 6436 Apr  5  2025 nginx.conf.dpkg-old
-rw-r--r-- 1 root root  636 Feb  5  2025 scgi_params
drwxr-xr-x 2 root root 4096 Apr 14  2025 sites-enabled
-rw-r--r-- 1 root root  664 Feb  5  2025 uwsgi_params

Output of ls -l /etc/nginx/conf.d/

total 40
-rw-r--r-- 1 root root    0 Apr 25  2025 01_caching_pool.conf
-rw-r--r-- 1 root root 1141 Apr  5  2025 0rtt-anti-replay.conf
-rw-r--r-- 1 root root  554 Apr  5  2025 188.245.167.88.conf
-rw-r--r-- 1 root root  671 Apr  5  2025 agents.conf
-rw-r--r-- 1 root root  805 Nov 20 10:06 cloudflare.inc
drwxr-xr-x 2 root root 4096 Nov 20 10:52 domains
-rw-r--r-- 1 root root   10 Apr  5  2025 http2-directive.conf
drwxr-xr-x 2 root root 4096 Apr  5  2025 main
-rw-r--r-- 1 root root  643 Apr  5  2025 phpmyadmin.inc
-rw-r--r-- 1 root root  381 Apr  5  2025 phppgadmin.inc
-rw-r--r-- 1 root root  204 Apr  5  2025 status.conf

Hope this sheds some light on the issue.

sahsanu · November 20, 2025, 1:42pm

Run these commands:

mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bkp 
cp /etc/nginx/nginx.conf.dpkg-old /etc/nginx/nginx.conf
systemctl restart nginx

showtimezz · November 20, 2025, 2:09pm

Hi,

Done, nginx -T now seems to store all of the entires for all of the domains. Pasted down below → Warning, massive file, that I’ve truncated to fit inside the character limit.

ginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate "/home/showtimezz/conf/web/lazar.marinkovicvuk.com/ssl/lazar.marinkovicvuk.com.pem"
nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate "/home/showtimezz/conf/web/marinkoff.com/ssl/marinkoff.com.pem"
nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate "/home/showtimezz/conf/web/riven.marinkovicvuk.com/ssl/riven.marinkovicvuk.com.pem"
nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate "/home/showtimezz/conf/mail/dragana.me/ssl/dragana.me.pem"
nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate "/home/showtimezz/conf/mail/marinkoff.com/ssl/marinkoff.com.pem"
nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate "/home/showtimezz/conf/mail/marinkovicvuk.com/ssl/marinkovicvuk.com.pem"
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# Server globals
user                 www-data;
worker_processes     auto;
worker_rlimit_nofile 65535;
error_log            /var/log/nginx/error.log;
pid                  /run/nginx.pid;
include              /etc/nginx/conf.d/main/*.conf;
include              /etc/nginx/modules-enabled/*.conf;

# Worker config
events {
	worker_connections 1024;
	use                epoll;
	multi_accept       on;
}

http {
	# Main settings
	sendfile                        on;
	tcp_nopush                      on;
	tcp_nodelay                     on;
	client_header_timeout           180s;
	client_body_timeout             180s;
	client_header_buffer_size       2k;
	client_body_buffer_size         256k;
	client_max_body_size            1024m;
	large_client_header_buffers     4 8k;
	send_timeout                    60s;
	keepalive_timeout               30s;
	keepalive_requests              1000;
	reset_timedout_connection       on;
	server_tokens                   off;
	server_name_in_redirect         off;
	server_names_hash_max_size      512;
	server_names_hash_bucket_size   512;
	charset                         utf-8;
	# FastCGI settings
	fastcgi_buffers                 512 4k;
	fastcgi_buffer_size             256k;
	fastcgi_busy_buffers_size       256k;
	fastcgi_temp_file_write_size    256k;
	fastcgi_connect_timeout         30s;
	fastcgi_read_timeout            300s;
	fastcgi_send_timeout            180s;
	fastcgi_cache_lock              on;
	fastcgi_cache_lock_timeout      5s;
	fastcgi_cache_background_update on;
	fastcgi_cache_revalidate        on;
	# Proxy settings
	proxy_redirect                  off;
	proxy_set_header                Host $host;
	proxy_set_header                Early-Data $rfc_early_data;
	proxy_set_header                X-Real-IP $remote_addr;
	proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_pass_header               Set-Cookie;
	proxy_buffers                   256 4k;
	proxy_buffer_size               32k;
	proxy_busy_buffers_size         32k;
	proxy_temp_file_write_size      256k;
	proxy_connect_timeout           30s;
	proxy_read_timeout              300s;
	proxy_send_timeout              180s;
	# Log format
	log_format                      main '$remote_addr - $remote_user [$time_local] $request "$status" $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
	log_format                      bytes '$body_bytes_sent';
	log_not_found                   off;
	access_log                      off;
	# Mime settings
	include                         /etc/nginx/mime.types;
	default_type                    application/octet-stream;
	# Compression
	gzip                            on;
	gzip_vary                       on;
	gzip_static                     on;
	gzip_comp_level                 6;
	gzip_min_length                 1024;
	gzip_buffers                    128 4k;
	gzip_http_version               1.1;
	gzip_types                      text/css text/javascript text/js text/plain text/richtext text/shtml text/x-component text/x-java-source text/x-markdown text/x-script text/xml image/bmp image/svg+xml image/vnd.microsoft.icon image/x-icon font/otf font/ttf font/x-woff multipart/bag multipart/mixed application/eot application/font application/font-sfnt application/font-woff application/javascript application/javascript-binast application/json application/ld+json application/manifest+json application/opentype application/otf application/rss+xml application/ttf application/truetype application/vnd.api+json application/vnd.ms-fontobject application/wasm application/xhtml+xml application/xml application/xml+rss application/x-httpd-cgi application/x-javascript application/x-opentype application/x-otf application/x-perl application/x-protobuf application/x-ttf;
	gzip_proxied                    any;
	# Cloudflare IPs
	include                         /etc/nginx/conf.d/cloudflare.inc;
	# SSL PCI compliance
	ssl_buffer_size                 1369;
	ssl_ciphers                     "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256";
	ssl_dhparam                     /etc/ssl/dhparam.pem;
	ssl_early_data                  on;
	ssl_ecdh_curve                  auto;
	ssl_prefer_server_ciphers       on;
	ssl_protocols                   TLSv1.2 TLSv1.3;
	ssl_session_cache               shared:SSL:20m;
	ssl_session_tickets             on;
	ssl_session_timeout             7d;
	resolver                        127.0.0.53 valid=300s ipv6=off;
	resolver_timeout                5s;
	# Error pages
	error_page                      403 /error/404.html;
	error_page                      404 /error/404.html;
	error_page                      410 /error/410.html;
	error_page                      500 501 502 503 504 505 /error/50x.html;
	# Proxy cache
	proxy_cache_path                /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
	proxy_cache_key                 "$scheme$request_method$host$request_uri";
	proxy_temp_path                 /var/cache/nginx/temp;
	proxy_ignore_headers            Cache-Control Expires;
	proxy_cache_use_stale           error timeout invalid_header updating http_502;
	proxy_cache_valid               any 1d;
	# FastCGI cache
	fastcgi_cache_path              /var/cache/nginx/micro levels=1:2 keys_zone=microcache:10m inactive=30m max_size=1024m;
	fastcgi_cache_key               "$scheme$request_method$host$request_uri";
	fastcgi_ignore_headers          Cache-Control Expires Set-Cookie;
	fastcgi_cache_use_stale         error timeout invalid_header updating http_500 http_503;
	add_header                      X-FastCGI-Cache $upstream_cache_status;

	# Cache bypass
	map $http_cookie $no_cache {
		default              0;
		~SESS                1;
		~wordpress_logged_in 1;
	}

	# File cache (static assets)
	open_file_cache                 max=10000 inactive=30s;
	open_file_cache_valid           60s;
	open_file_cache_min_uses        2;
	open_file_cache_errors          off;
	# Wildcard include
	include                         /etc/nginx/conf.d/*.conf;
	include                         /etc/nginx/conf.d/domains/*.conf;
}
# configuration file /etc/nginx/mime.types:

types {
    text/html                                        html htm shtml;
    text/css                                         css;
    text/xml                                         xml;
    image/gif                                        gif;
    image/jpeg                                       jpeg jpg;
    application/javascript                           js;
    application/atom+xml                             atom;
    application/rss+xml                              rss;

    text/mathml                                      mml;
    text/plain                                       txt;
    text/vnd.sun.j2me.app-descriptor                 jad;
    text/vnd.wap.wml                                 wml;
    text/x-component                                 htc;

    image/avif                                       avif;
    image/png                                        png;
    image/svg+xml                                    svg svgz;
    image/tiff                                       tif tiff;
    image/vnd.wap.wbmp                               wbmp;
    image/webp                                       webp;
    image/x-icon                                     ico;
    image/x-jng                                      jng;
    image/x-ms-bmp                                   bmp;

    font/woff                                        woff;
    font/woff2                                       woff2;

    application/java-archive                         jar war ear;
    application/json                                 json;
    application/mac-binhex40                         hqx;
    application/msword                               doc;
    application/pdf                                  pdf;
    application/postscript                           ps eps ai;
    application/rtf                                  rtf;
    application/vnd.apple.mpegurl                    m3u8;
    application/vnd.google-earth.kml+xml             kml;
    application/vnd.google-earth.kmz                 kmz;
    application/vnd.ms-excel                         xls;
    application/vnd.ms-fontobject                    eot;
    application/vnd.ms-powerpoint                    ppt;
    application/vnd.oasis.opendocument.graphics      odg;
    application/vnd.oasis.opendocument.presentation  odp;
    application/vnd.oasis.opendocument.spreadsheet   ods;
    application/vnd.oasis.opendocument.text          odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                     pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                     xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                     docx;
    application/vnd.wap.wmlc                         wmlc;
    application/wasm                                 wasm;
    application/x-7z-compressed                      7z;
    application/x-cocoa                              cco;
    application/x-java-archive-diff                  jardiff;
    application/x-java-jnlp-file                     jnlp;
    application/x-makeself                           run;
    application/x-perl                               pl pm;
    application/x-pilot                              prc pdb;
    application/x-rar-compressed                     rar;
    application/x-redhat-package-manager             rpm;
    application/x-sea                                sea;
    application/x-shockwave-flash                    swf;
    application/x-stuffit                            sit;
    application/x-tcl                                tcl tk;
    application/x-x509-ca-cert                       der pem crt;
    application/x-xpinstall                          xpi;
    application/xhtml+xml                            xhtml;
    application/xspf+xml                             xspf;
    application/zip                                  zip;

    application/octet-stream                         bin exe dll;
    application/octet-stream                         deb;
    application/octet-stream                         dmg;
    application/octet-stream                         iso img;
    application/octet-stream                         msi msp msm;

    audio/midi                                       mid midi kar;
    audio/mpeg                                       mp3;
    audio/ogg                                        ogg;
    audio/x-m4a                                      m4a;
    audio/x-realaudio                                ra;

    video/3gpp                                       3gpp 3gp;
    video/mp2t                                       ts;
    video/mp4                                        mp4;
    video/mpeg                                       mpeg mpg;
    video/quicktime                                  mov;
    video/webm                                       webm;
    video/x-flv                                      flv;
    video/x-m4v                                      m4v;
    video/x-mng                                      mng;
    video/x-ms-asf                                   asx asf;
    video/x-ms-wmv                                   wmv;
    video/x-msvideo                                  avi;
}

# configuration file /etc/nginx/conf.d/cloudflare.inc:
# Cloudflare IP Ranges

# IPv4
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;

# IPv6
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;

real_ip_header CF-Connecting-IP;

# configuration file /etc/nginx/conf.d/01_caching_pool.conf:

# configuration file /etc/nginx/conf.d/0rtt-anti-replay.conf:
# Implement TLS 1.3 0-RTT anti-replay for NGINX
# Requires: NGINX directive "ssl_early_data" on
# Usage:
# Make sure these "map" blocks are included in "http" block
# Put the following two lines in SSL "server" block, before any "location" blocks
# if ($anti_replay = 307) { return 307 https://$host$request_uri; }
# if ($anti_replay = 425) { return 425; }
# Pass "Early-Data" header to backend/upstream
# Only for 0-RTT requests from clients that understand 425 status code (RFC 8470)
# fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
# proxy_set_header Early-Data $rfc_early_data;
# Copyright © myrevery
# Copyright © 7677333 (An anagram of a Anonymous Cybersecurity Research Team)
map "$request_method:$is_args" $ar_idempotent {
	default                              0;
	"~^GET:$|^(HEAD|OPTIONS|TRACE):\?*$" 1;
}

map $http_user_agent $ar_support_425 {
	default                                           0;
	"~Firefox/((58|59)|([6-9]\d)|([1-9]\d{2,}))\.\d+" 1;
}

map "$ssl_early_data:$ar_idempotent:$ar_support_425" $anti_replay {
	1:0:0 307;
	1:0:1 425;
}

map "$ssl_early_data:$ar_support_425" $rfc_early_data {
	1:1 1;
}
# configuration file /etc/nginx/conf.d/188.245.167.88.conf:
server {
	listen 188.245.167.88:80 default_server;
	server_name _;
	access_log off;
	error_log /dev/null;

	location / {
		proxy_pass http://188.245.167.88:8080;
   }
}

server {
	listen 188.245.167.88:443 default_server ssl;
	server_name _;
	access_log off;
	error_log /dev/null;

	ssl_certificate     /usr/local/hestia/ssl/certificate.crt;
	ssl_certificate_key /usr/local/hestia/ssl/certificate.key;

	return 301 http://$host$request_uri;

	location / {
		root /var/www/document_errors/;
	}

	location /error/ {
		alias /var/www/document_errors/;
	}
}

# configuration file /etc/nginx/conf.d/agents.conf:
map $http_user_agent $mobile_request {
	default                      desktopversion;
	"~*ipad"                     mobileversion;
	"~*android.*mobile"          mobileversion;
	"~*iphone"                   mobileversion;
	"~*ipod.*mobile"             mobileversion;
	"~*BlackBerry*Mobile Safari" mobileversion;
	"~*BB*Mobile Safari"         mobileversion;
	"~*Opera.*Mini/7"            mobileversion;
	"~*IEMobile/10.*Touch"       mobileversion;
	"~*IEMobile/11.*Touch"       mobileversion;
	"~*IEMobile/7.0"             mobileversion;
	"~*IEMobile/9.0"             mobileversion;
	"~*Firefox.*Mobile"          mobileversion;
	"~*webOS"                    mobileversion;
}
# configuration file /etc/nginx/conf.d/http2-directive.conf:
http2 on;

# configuration file /etc/nginx/conf.d/status.conf:
server {
	listen                  127.0.0.1:8084 default_server;
	server_name             _;
	server_name_in_redirect off;

	location / {
		stub_status on;
		access_log  off;
		error_log   /dev/null;
	}
}
# configuration file /etc/nginx/conf.d/domains/dragana.me.conf:
#=========================================================================#
# Default Web Domain Template                                             #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
# https://hestiacp.com/docs/server-administration/web-templates.html      #
#=========================================================================#

server {
	listen      188.245.167.88:80;
	server_name dragana.me www.dragana.me;
	error_log   /var/log/apache2/domains/dragana.me.error.log error;

	include /home/showtimezz/conf/web/dragana.me/nginx.forcessl.conf*;

	location ~ /\.(?!well-known\/|file) {
		deny all;
		return 404;
	}

	location / {
		proxy_pass http://188.245.167.88:8080;

		location ~* ^.+\.(css|htm|html|js|mjs|json|xml|apng|avif|bmp|cur|gif|ico|jfif|jpg|jpeg|pjp|pjpeg|png|svg|tif|tiff|webp|aac|caf|flac|m4a|midi|mp3|ogg|opus|wav|3gp|av1|avi|m4v|mkv|mov|mpg|mpeg|mp4|mp4v|webm|otf|ttf|woff|woff2|doc|docx|odf|odp|ods|odt|pdf|ppt|pptx|rtf|txt|xls|xlsx|7z|bz2|gz|rar|tar|tgz|zip|apk|appx|bin|dmg|exe|img|iso|jar|msi|webmanifest)$ {
			try_files  $uri @fallback;

			root       /home/showtimezz/web/dragana.me/public_html;
			access_log /var/log/apache2/domains/dragana.me.log combined;
			access_log /var/log/apache2/domains/dragana.me.bytes bytes;

			expires    max;
		}
	}

	location @fallback {
		proxy_pass http://188.245.167.88:8080;
	}

	location /error/ {
		alias /home/showtimezz/web/dragana.me/document_errors/;
	}

	include /home/showtimezz/conf/web/dragana.me/nginx.conf_*;
}

# configuration file /home/showtimezz/conf/web/dragana.me/nginx.conf_letsencrypt:
location ~ "^/\.well-known/acme-challenge/([-_A-Za-z0-9]+)$" {
    default_type text/plain;
    return 200 "$1.uV5isR5PB5fFmR2CV0iY8dvgebpLQiZEoj4oTHE_-bY";
}

# configuration file /etc/nginx/conf.d/domains/lazar.marinkovicvuk.com.conf:
#=========================================================================#
# Default Web Domain Template                                             #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
# https://hestiacp.com/docs/server-administration/web-templates.html      #
#=========================================================================#

server {
	listen      188.245.167.88:80;
	server_name lazar.marinkovicvuk.com ;
	error_log   /var/log/apache2/domains/lazar.marinkovicvuk.com.error.log error;

	include /home/showtimezz/conf/web/lazar.marinkovicvuk.com/nginx.forcessl.conf*;

	location ~ /\.(?!well-known\/|file) {
		deny all;
		return 404;
	}

	location / {
		proxy_pass http://188.245.167.88:8080;

		location ~* ^.+\.(css|htm|html|js|mjs|json|xml|apng|avif|bmp|cur|gif|ico|jfif|jpg|jpeg|pjp|pjpeg|png|svg|tif|tiff|webp|aac|caf|flac|m4a|midi|mp3|ogg|opus|wav|3gp|av1|avi|m4v|mkv|mov|mpg|mpeg|mp4|mp4v|webm|otf|ttf|woff|woff2|doc|docx|odf|odp|ods|odt|pdf|ppt|pptx|rtf|txt|xls|xlsx|7z|bz2|gz|rar|tar|tgz|zip|apk|appx|bin|dmg|exe|img|iso|jar|msi|webmanifest)$ {
			try_files  $uri @fallback;

			root       /home/showtimezz/web/lazar.marinkovicvuk.com/public_html;
			access_log /var/log/apache2/domains/lazar.marinkovicvuk.com.log combined;
			access_log /var/log/apache2/domains/lazar.marinkovicvuk.com.bytes bytes;

			expires    max;
		}
	}

	location @fallback {
		proxy_pass http://188.245.167.88:8080;
	}

	location /error/ {
		alias /home/showtimezz/web/lazar.marinkovicvuk.com/document_errors/;
	}

	include /home/showtimezz/conf/web/lazar.marinkovicvuk.com/nginx.conf_*;
}

# configuration file /home/showtimezz/conf/web/lazar.marinkovicvuk.com/nginx.conf_letsencrypt:
location ~ "^/\.well-known/acme-challenge/([-_A-Za-z0-9]+)$" {
    default_type text/plain;
    return 200 "$1.uV5isR5PB5fFmR2CV0iY8dvgebpLQiZEoj4oTHE_-bY";
}

# configuration file /etc/nginx/conf.d/domains/lazar.marinkovicvuk.com.ssl.conf:
#=========================================================================#
# Default Web Domain Template                                             #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
# https://hestiacp.com/docs/server-administration/web-templates.html      #
#=========================================================================#

server {
	listen      188.245.167.88:443 ssl;
	server_name lazar.marinkovicvuk.com ;
	error_log   /var/log/apache2/domains/lazar.marinkovicvuk.com.error.log error;

	ssl_certificate     /home/showtimezz/conf/web/lazar.marinkovicvuk.com/ssl/lazar.marinkovicvuk.com.pem;
	ssl_certificate_key /home/showtimezz/conf/web/lazar.marinkovicvuk.com/ssl/lazar.marinkovicvuk.com.key;
	ssl_stapling        on;
	ssl_stapling_verify on;

	# TLS 1.3 0-RTT anti-replay
	if ($anti_replay = 307) { return 307 https://$host$request_uri; }
	if ($anti_replay = 425) { return 425; }

	include /home/showtimezz/conf/web/lazar.marinkovicvuk.com/nginx.hsts.conf*;

	location ~ /\.(?!well-known\/|file) {
		deny all;
		return 404;
	}

	location / {
		proxy_ssl_server_name on;
		proxy_ssl_name $host;
		proxy_pass https://188.245.167.88:8443;

		location ~* ^.+\.(css|htm|html|js|mjs|json|xml|apng|avif|bmp|cur|gif|ico|jfif|jpg|jpeg|pjp|pjpeg|png|svg|tif|tiff|webp|aac|caf|flac|m4a|midi|mp3|ogg|opus|wav|3gp|av1|avi|m4v|mkv|mov|mpg|mpeg|mp4|mp4v|webm|otf|ttf|woff|woff2|doc|docx|odf|odp|ods|odt|pdf|ppt|pptx|rtf|txt|xls|xlsx|7z|bz2|gz|rar|tar|tgz|zip|apk|appx|bin|dmg|exe|img|iso|jar|msi|webmanifest)$ {
			try_files  $uri @fallback;

			root       /home/showtimezz/web/lazar.marinkovicvuk.com/public_html;
			access_log /var/log/apache2/domains/lazar.marinkovicvuk.com.log combined;
			access_log /var/log/apache2/domains/lazar.marinkovicvuk.com.bytes bytes;

			expires    max;
		}
	}

	location @fallback {
		proxy_ssl_server_name on;
		proxy_ssl_name $host;
		proxy_pass https://188.245.167.88:8443;
	}

	location /error/ {
		alias /home/showtimezz/web/lazar.marinkovicvuk.com/document_errors/;
	}

	proxy_hide_header Upgrade;

	include /home/showtimezz/conf/web/lazar.marinkovicvuk.com/nginx.ssl.conf_*;
}

# configuration file /home/showtimezz/conf/web/lazar.marinkovicvuk.com/nginx.ssl.conf_letsencrypt:
location ~ "^/\.well-known/acme-challenge/([-_A-Za-z0-9]+)$" {
    default_type text/plain;
    return 200 "$1.uV5isR5PB5fFmR2CV0iY8dvgebpLQiZEoj4oTHE_-bY";
}

# configuration file /etc/nginx/conf.d/domains/marinkoff.com.conf:
#=========================================================================#
# Default Web Domain Template                                             #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
# https://hestiacp.com/docs/server-administration/web-templates.html      #
#=========================================================================#

server {
	listen      188.245.167.88:80;
	server_name marinkoff.com www.marinkoff.com;
	error_log   /var/log/apache2/domains/marinkoff.com.error.log error;

	include /home/showtimezz/conf/web/marinkoff.com/nginx.forcessl.conf*;

	location ~ /\.(?!well-known\/|file) {
		deny all;
		return 404;
	}

	location / {
		proxy_pass http://188.245.167.88:8080;

		location ~* ^.+\.(css|htm|html|js|mjs|json|xml|apng|avif|bmp|cur|gif|ico|jfif|jpg|jpeg|pjp|pjpeg|png|svg|tif|tiff|webp|aac|caf|flac|m4a|midi|mp3|ogg|opus|wav|3gp|av1|avi|m4v|mkv|mov|mpg|mpeg|mp4|mp4v|webm|otf|ttf|woff|woff2|doc|docx|odf|odp|ods|odt|pdf|ppt|pptx|rtf|txt|xls|xlsx|7z|bz2|gz|rar|tar|tgz|zip|apk|appx|bin|dmg|exe|img|iso|jar|msi|webmanifest)$ {
			try_files  $uri @fallback;

			root       /home/showtimezz/web/marinkoff.com/public_html;
			access_log /var/log/apache2/domains/marinkoff.com.log combined;
			access_log /var/log/apache2/domains/marinkoff.com.bytes bytes;

			expires    max;
		}
	}

	location @fallback {
		proxy_pass http://188.245.167.88:8080;
	}

	location /error/ {
		alias /home/showtimezz/web/marinkoff.com/document_errors/;
	}

	include /home/showtimezz/conf/web/marinkoff.com/nginx.conf_*;
}

# configuration file /home/showtimezz/conf/web/marinkoff.com/nginx.forcessl.conf:
return 301 https://$host$request_uri;

# configuration file /home/showtimezz/conf/web/marinkoff.com/nginx.conf_letsencrypt:
location ~ "^/\.well-known/acme-challenge/([-_A-Za-z0-9]+)$" {
    default_type text/plain;
    return 200 "$1.uV5isR5PB5fFmR2CV0iY8dvgebpLQiZEoj4oTHE_-bY";
}

# configuration file /etc/nginx/conf.d/domains/marinkoff.com.ssl.conf:
#=========================================================================#
# Default Web Domain Template                                             #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
# https://hestiacp.com/docs/server-administration/web-templates.html      #
#=========================================================================#

server {
	listen      188.245.167.88:443 ssl;
	server_name marinkoff.com www.marinkoff.com;
	error_log   /var/log/apache2/domains/marinkoff.com.error.log error;

	ssl_certificate     /home/showtimezz/conf/web/marinkoff.com/ssl/marinkoff.com.pem;
	ssl_certificate_key /home/showtimezz/conf/web/marinkoff.com/ssl/marinkoff.com.key;
	ssl_stapling        on;
	ssl_stapling_verify on;

	# TLS 1.3 0-RTT anti-replay
	if ($anti_replay = 307) { return 307 https://$host$request_uri; }
	if ($anti_replay = 425) { return 425; }

	include /home/showtimezz/conf/web/marinkoff.com/nginx.hsts.conf*;

	location ~ /\.(?!well-known\/|file) {
		deny all;
		return 404;
	}

	location / {
		proxy_ssl_server_name on;
		proxy_ssl_name $host;
		proxy_pass https://188.245.167.88:8443;

		location ~* ^.+\.(css|htm|html|js|mjs|json|xml|apng|avif|bmp|cur|gif|ico|jfif|jpg|jpeg|pjp|pjpeg|png|svg|tif|tiff|webp|aac|caf|flac|m4a|midi|mp3|ogg|opus|wav|3gp|av1|avi|m4v|mkv|mov|mpg|mpeg|mp4|mp4v|webm|otf|ttf|woff|woff2|doc|docx|odf|odp|ods|odt|pdf|ppt|pptx|rtf|txt|xls|xlsx|7z|bz2|gz|rar|tar|tgz|zip|apk|appx|bin|dmg|exe|img|iso|jar|msi|webmanifest)$ {
			try_files  $uri @fallback;

			root       /home/showtimezz/web/marinkoff.com/public_html;
			access_log /var/log/apache2/domains/marinkoff.com.log combined;
			access_log /var/log/apache2/domains/marinkoff.com.bytes bytes;

			expires    max;
		}
	}

	location @fallback {
		proxy_ssl_server_name on;
		proxy_ssl_name $host;
		proxy_pass https://188.245.167.88:8443;
	}

	location /error/ {
		alias /home/showtimezz/web/marinkoff.com/document_errors/;
	}

	proxy_hide_header Upgrade;

	include /home/showtimezz/conf/web/marinkoff.com/nginx.ssl.conf_*;
}

# configuration file /home/showtimezz/conf/web/marinkoff.com/nginx.ssl.conf_letsencrypt:
location ~ "^/\.well-known/acme-challenge/([-_A-Za-z0-9]+)$" {
    default_type text/plain;
    return 200 "$1.uV5isR5PB5fFmR2CV0iY8dvgebpLQiZEoj4oTHE_-bY";
}

# configuration file /etc/nginx/conf.d/domains/marinkovicvuk.com.conf:
#=========================================================================#
# Default Web Domain Template                                             #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
# https://hestiacp.com/docs/server-administration/web-templates.html      #
#=========================================================================#

server {
	listen      188.245.167.88:80;
	server_name marinkovicvuk.com www.marinkovicvuk.com;
	error_log   /var/log/apache2/domains/marinkovicvuk.com.error.log error;

	include /home/showtimezz/conf/web/marinkovicvuk.com/nginx.forcessl.conf*;

	location ~ /\.(?!well-known\/|file) {
		deny all;
		return 404;
	}

	location / {
		proxy_pass http://188.245.167.88:8080;

		location ~* ^.+\.(css|htm|html|js|mjs|json|xml|apng|avif|bmp|cur|gif|ico|jfif|jpg|jpeg|pjp|pjpeg|png|svg|tif|tiff|webp|aac|caf|flac|m4a|midi|mp3|ogg|opus|wav|3gp|av1|avi|m4v|mkv|mov|mpg|mpeg|mp4|mp4v|webm|otf|ttf|woff|woff2|doc|docx|odf|odp|ods|odt|pdf|ppt|pptx|rtf|txt|xls|xlsx|7z|bz2|gz|rar|tar|tgz|zip|apk|appx|bin|dmg|exe|img|iso|jar|msi|webmanifest)$ {
			try_files  $uri @fallback;

			root       /home/showtimezz/web/marinkovicvuk.com/public_html;
			access_log /var/log/apache2/domains/marinkovicvuk.com.log combined;
			access_log /var/log/apache2/domains/marinkovicvuk.com.bytes bytes;

			expires    max;
		}
	}

	location @fallback {
		proxy_pass http://188.245.167.88:8080;
	}

	location /error/ {
		alias /home/showtimezz/web/marinkovicvuk.com/document_errors/;
	}

	include /home/showtimezz/conf/web/marinkovicvuk.com/nginx.conf_*;
}

# configuration file /home/showtimezz/conf/web/marinkovicvuk.com/nginx.conf_letsencrypt:
location ~ "^/\.well-known/acme-challenge/([-_A-Za-z0-9]+)$" {
    default_type text/plain;
    return 200 "$1.uV5isR5PB5fFmR2CV0iY8dvgebpLQiZEoj4oTHE_-bY";
}

The websites are still responding with 404s currently. The error log only shows these as errors: Which is fine, since this is the initial SSL issue I’ve attempted resolving, but one thing at a time.

2025/11/20 14:01:43 [warn] 220343#220343: "ssl_stapling" ignored, no OCSP responder URL in the certificate "/home/showtimezz/conf/web/lazar.marinkovicvuk.com/ssl/lazar.marinkovicvuk.com.pem"
2025/11/20 14:01:43 [warn] 220343#220343: "ssl_stapling" ignored, no OCSP responder URL in the certificate "/home/showtimezz/conf/web/marinkoff.com/ssl/marinkoff.com.pem"
2025/11/20 14:01:43 [warn] 220343#220343: "ssl_stapling" ignored, no OCSP responder URL in the certificate "/home/showtimezz/conf/web/riven.marinkovicvuk.com/ssl/riven.marinkovicvuk.com.pem"
2025/11/20 14:01:43 [warn] 220343#220343: "ssl_stapling" ignored, no OCSP responder URL in the certificate "/home/showtimezz/conf/mail/dragana.me/ssl/dragana.me.pem"
2025/11/20 14:01:43 [warn] 220343#220343: "ssl_stapling" ignored, no OCSP responder URL in the certificate "/home/showtimezz/conf/mail/marinkoff.com/ssl/marinkoff.com.pem"
2025/11/20 14:01:43 [warn] 220343#220343: "ssl_stapling" ignored, no OCSP responder URL in the certificate "/home/showtimezz/conf/mail/marinkovicvuk.com/ssl/marinkovicvuk.com.pem"
2025/11/20 14:04:10 [warn] 223986#223986: "ssl_stapling" ignored, no OCSP responder URL in the certificate "/home/showtimezz/conf/web/lazar.marinkovicvuk.com/ssl/lazar.marinkovicvuk.com.pem"
2025/11/20 14:04:10 [warn] 223986#223986: "ssl_stapling" ignored, no OCSP responder URL in the certificate "/home/showtimezz/conf/web/marinkoff.com/ssl/marinkoff.com.pem"
2025/11/20 14:04:10 [warn] 223986#223986: "ssl_stapling" ignored, no OCSP responder URL in the certificate "/home/showtimezz/conf/web/riven.marinkovicvuk.com/ssl/riven.marinkovicvuk.com.pem"
2025/11/20 14:04:10 [warn] 223986#223986: "ssl_stapling" ignored, no OCSP responder URL in the certificate "/home/showtimezz/conf/mail/dragana.me/ssl/dragana.me.pem"
2025/11/20 14:04:10 [warn] 223986#223986: "ssl_stapling" ignored, no OCSP responder URL in the certificate "/home/showtimezz/conf/mail/marinkoff.com/ssl/marinkoff.com.pem"
2025/11/20 14:04:10 [warn] 223986#223986: "ssl_stapling" ignored, no OCSP responder URL in the certificate "/home/showtimezz/conf/mail/marinkovicvuk.com/ssl/marinkovicvuk.com.pem"

Thank you.

sahsanu · November 20, 2025, 2:20pm

Those are not errors, are warnings and you shouldn’t worry about them but if you want to “fix” them:

curl -fsSLm10 https://7j.gg/remstap | sudo bash -s --

Nginx looks fine now but looks like you are also using Apache, show the output of these commands:

ls -l /etc/apache2/
ls -l /etc/apache2/conf.d/

showtimezz · November 20, 2025, 2:36pm

Hi,

Yes, I’m also using apache. Apologies for not mentioning that sooner, the error was nginx layer, so I didn’t think it made a difference.

As requested, the output of: ls -l /etc/apache2/

total 88
-rw-r--r-- 1 root root  2319 Apr  5  2025 apache2.conf
drwxr-xr-x 2 root root  4096 Nov 19 12:44 conf-available
drwxr-xr-x 2 root root  4096 Apr  5  2025 conf-enabled
drwxr-xr-x 3 root root  4096 Apr  5  2025 conf.d
-rw-r--r-- 1 root root  1782 Mar 18  2024 envvars
-rw-r--r-- 1 root root 31063 Mar 18  2024 magic
drwxr-xr-x 2 root root 16384 Aug 17 06:02 mods-available
drwxr-xr-x 2 root root  4096 Apr  5  2025 mods-enabled
-rw-r--r-- 1 root root    20 Apr  5  2025 ports.conf
drwxr-xr-x 2 root root  4096 Aug 17 06:02 sites-available
drwxr-xr-x 2 root root  4096 Apr  5  2025 sites-enabled
drwxr-xr-x 2 root root  4096 Aug 17 06:02 suexec

As well as ls -l /etc/apache2/conf.d/

total 16
-rw-r--r-- 1 root root  548 Apr  5  2025 188.245.167.88.conf
drwxr-xr-x 2 root root 4096 Nov 20 10:52 domains
-rw-r--r-- 1 root root  150 Apr  5  2025 hestia-event.conf
-rw-r--r-- 1 root root  999 Apr  5  2025 phpmyadmin.inc

Also, last entries in /var/log/apache2/error.log

[Thu Nov 20 10:44:05.603944 2025] [mpm_event:notice] [pid 1276:tid 138161536771968] AH00493: SIGUSR1 received.  Doing graceful restart
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using riven.marinkovicvuk.com. Set the 'ServerName' directive globally to suppress this message
[Thu Nov 20 10:44:05.700988 2025] [ssl:warn] [pid 1276:tid 138161536771968] AH01909: 188.245.167.88:443:0 server certificate does NOT include an ID which matches the server name
[Thu Nov 20 10:44:05.701569 2025] [mpm_event:notice] [pid 1276:tid 138161536771968] AH00489: Apache/2.4.58 (Ubuntu) mod_fcgid/2.3.9 OpenSSL/3.0.13 configured -- resuming normal operations
[Thu Nov 20 10:44:05.701592 2025] [core:notice] [pid 1276:tid 138161536771968] AH00094: Command line: '/usr/sbin/apache2'
[Thu Nov 20 10:52:29.904962 2025] [mpm_event:notice] [pid 1276:tid 138161536771968] AH00492: caught SIGWINCH, shutting down gracefully
[Thu Nov 20 10:52:30.071200 2025] [ssl:warn] [pid 65263:tid 128787323422592] AH01909: 188.245.167.88:443:0 server certificate does NOT include an ID which matches the server name
[Thu Nov 20 10:52:30.071509 2025] [suexec:notice] [pid 65263:tid 128787323422592] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Thu Nov 20 10:52:30.116462 2025] [ssl:warn] [pid 65264:tid 128787323422592] AH01909: 188.245.167.88:443:0 server certificate does NOT include an ID which matches the server name
[Thu Nov 20 10:52:30.118484 2025] [mpm_event:notice] [pid 65264:tid 128787323422592] AH00489: Apache/2.4.58 (Ubuntu) mod_fcgid/2.3.9 OpenSSL/3.0.13 configured -- resuming normal operations
[Thu Nov 20 10:52:30.118511 2025] [core:notice] [pid 65264:tid 128787323422592] AH00094: Command line: '/usr/sbin/apache2'

Thank you

sahsanu · November 20, 2025, 3:09pm

Please, rebuild all your web domains:

for i in $(/usr/local/hestia/bin/v-list-users plain | cut -f1);do echo "Rebuilding web domains for user $i"; /usr/local/hestia/bin/v-rebuild-web-domains "$i";done

And after that:

systemctl restart nginx
systemctl restart apache2