To follow up my previous post, I had left the freshly installed Debian 10 CT with HestiaCP 1.2.0 running unattended for about a day, and I just checked it only to find out a huge mail queue with tens of thousands of mails!
Apparently the 1000s of e-mails are generated by cron taks, due to DNS config issues:
root@vm05:/var/spool/exim4# more /var/spool/exim4/input/1jma2b-0007xP-Uu-D
1jma2b-0007xP-Uu-D
sudo: unable to resolve host vm05.mydomain.tld: Name or service not known
root@vm05:/var/spool/exim4#
You didnt have set your hostname properly, add vm05.domain.tld after vm05 with a space between - so the messages will stop. You can also clear the freezed messages, a short google search will lead you to the right command. To prevent this in future, we currently discuss a valdiation check during installation.
Sure, I know how to manually configure DNS ( /etc/hosts and ISC Bind or dnsmasq), but I assumed HestiaCP would configure everything automagically.
Btw a good idea would be to add a header “Don’t edit this file manually … blah blah” to any config files that would be over-written by HestiaCP’s scripts.
Since DNS is so critical for the operation of any Internet server, please suggest some “best practices” when setting up a reliable HestiaCP server e.g.
manually add the FQDN and real IP into /etc/hosts (assuming it won’t get overwritten automatically by some HestiaCP script later)
add HestiaCP hostname to our external DNS servers
add HestiaCP hostname in BIND (if running locally on)
I just checked an Debian 9 & 10 and Ubuntu 18.04 server all consult files then dns, according to /etc/nsswitch.conf
hosts: files dns
A decent summary of what /etc/hosts should look like can be found at
PS: I don’t mind at all configuring the HestiaCP server MANUALLY, as long as I know that HestiaCP won’t touch the same files. Btw let’s suppose that you wanted to RENAME the server, how would you do it ?
I use Proxmox and chose to use ubuntu 20.04 LXC template. When I attempted to install the latest hestiaCP it failed, this was due to curl missing. I was able to fix it by running apt install curl. A check to see if curl is installed and auto install it if needed should correct it.
I have been fighting this for hours… more and more errors. Never ending it seems.
Debian 10
after trying to enable ipset in GUI
had an error
went to terminal
root@hestia:/usr/local/vesta/bin# apt install ipset
Reading package lists... Done
Building dependency tree
Reading state information... Done
ipset is already the newest version (6.38-1.2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n]
Setting up apache2 (2.4.43-1+0~20200511.11+debian10~1.gbpdc0c89) ...
ERROR: Config file status.conf not properly enabled: /etc/apache2/mods-enabled/status.conf is a real file, not touching it
dpkg: error processing package apache2 (--configure):
installed apache2 package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
apache2
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@hestia:/usr/local/vesta/bin# apt -f install
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up apache2 (2.4.43-1+0~20200511.11+debian10~1.gbpdc0c89) ...
ERROR: Config file status.conf not properly enabled: /etc/apache2/mods-enabled/status.conf is a real file, not touching it
dpkg: error processing package apache2 (--configure):
installed apache2 package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
apache2
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@hestia:/etc/apache2/mods-available# apache2 --configure
[Tue Jun 23 17:32:56.207230 2020] [core:warn] [pid 2760] AH00111: Config variable ${APACHE_PID_FILE} is not defined
[Tue Jun 23 17:32:56.207761 2020] [core:warn] [pid 2760] AH00111: Config variable ${APACHE_RUN_USER} is not defined
[Tue Jun 23 17:32:56.207981 2020] [core:warn] [pid 2760] AH00111: Config variable ${APACHE_RUN_GROUP} is not defined
[Tue Jun 23 17:32:56.208221 2020] [core:warn] [pid 2760] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[Tue Jun 23 17:32:56.289736 2020] [core:warn] [pid 2760:tid 139852141139072] AH00111: Config variable ${APACHE_RUN_DIR} is not defined
root@hestia:/usr/local/hestia/bin# apt install ipset
Reading package lists... Done
Building dependency tree
Reading state information... Done
ipset is already the newest version (6.38-1.2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Setting up apache2 (2.4.43-1+0~20200511.11+debian10~1.gbpdc0c89) ...
info: Executing deferred 'a2enconf javascript-common' for package javascript-common
ERROR: Conf javascript-common does not exist!
dpkg: error processing package apache2 (--configure):
installed apache2 package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
apache2
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@hestia:/usr/local/hestia/bin# apt install javascript-common
Reading package lists... Done
Building dependency tree
Reading state information... Done
javascript-common is already the newest version (11).
javascript-common set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n]
Setting up apache2 (2.4.43-1+0~20200511.11+debian10~1.gbpdc0c89) ...
info: Executing deferred 'a2enconf javascript-common' for package javascript-common
ERROR: Conf javascript-common does not exist!
dpkg: error processing package apache2 (--configure):
installed apache2 package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
apache2
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@hestia:/usr/local/hestia/bin# apt install javascript-common^C
root@hestia:/usr/local/hestia/bin# apache2 --configure
[Tue Jun 23 17:47:01.901054 2020] [core:warn] [pid 5197] AH00111: Config variable ${APACHE_PID_FILE} is not defined
[Tue Jun 23 17:47:01.901625 2020] [core:warn] [pid 5197] AH00111: Config variable ${APACHE_RUN_USER} is not defined
[Tue Jun 23 17:47:01.901880 2020] [core:warn] [pid 5197] AH00111: Config variable ${APACHE_RUN_GROUP} is not defined
[Tue Jun 23 17:47:01.902153 2020] [core:warn] [pid 5197] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[Tue Jun 23 17:47:01.955640 2020] [core:warn] [pid 5197:tid 139939131389056] AH00111: Config variable ${APACHE_RUN_DIR} is not defined
AH00543: apache2: bad user name ${APACHE_RUN_USER}
root@hestia:/usr/local/hestia/bin# journalctl -xe
Jun 23 17:46:19 hestia.example.com dbus-daemon[332]: [system] Activating via systemd: service name='org.freedesktop.PackageKit' unit='packagekit.servi
Jun 23 17:46:19 hestia.example.com systemd[1]: Starting PackageKit Daemon...
-- Subject: A start job for unit packagekit.service has begun execution
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit packagekit.service has begun execution.
--
-- The job identifier is 2506.
Jun 23 17:46:19 hestia.example.com PackageKit[5030]: daemon start
Jun 23 17:46:19 hestia.example.com dbus-daemon[332]: [system] Successfully activated service 'org.freedesktop.PackageKit'
Jun 23 17:46:19 hestia.example.com systemd[1]: Started PackageKit Daemon.
-- Subject: A start job for unit packagekit.service has finished successfully
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit packagekit.service has finished successfully.
--
-- The job identifier is 2506.
Jun 23 17:46:54 hestia.example.com apache2.postinst[5145]: Executing deferred 'a2enconf javascript-common' for package javascript-common
Btw the “ipset” pkg should probably be added to the installer (as should the user-space “apparmor” pkg).
I find the combination of ipsets and certain iptables modules (e.g. hashlimit) to be invaluable in production Internet servers for taking “preventive” measures (since 60-80% of malicious traffic comes from specific countries).