Hestia 1.2.0 RC - WE NEED YOU!

kpv · June 22, 2020, 7:03pm

Since DNS is so critical for the operation of any Internet server, please suggest some “best practices” when setting up a reliable HestiaCP server e.g.

manually add the FQDN and real IP into /etc/hosts (assuming it won’t get overwritten automatically by some HestiaCP script later)
add HestiaCP hostname to our external DNS servers
add HestiaCP hostname in BIND (if running locally on)

I just checked an Debian 9 & 10 and Ubuntu 18.04 server all consult files then dns, according to /etc/nsswitch.conf

hosts: files dns

A decent summary of what /etc/hosts should look like can be found at

PS: I don’t mind at all configuring the HestiaCP server MANUALLY, as long as I know that HestiaCP won’t touch the same files. Btw let’s suppose that you wanted to RENAME the server, how would you do it ?

Raphael · June 22, 2020, 8:25pm

2 posts were split to a new topic: How to increase max upload size in filemanager?

Lupu · June 22, 2020, 7:08pm

Looking trough the debian installer, /etc/hosts is updated with the hostname in some cases, so I think we can improve that process a little bit.

johnny · June 23, 2020, 3:41am

I use Proxmox and chose to use ubuntu 20.04 LXC template. When I attempted to install the latest hestiaCP it failed, this was due to curl missing. I was able to fix it by running apt install curl. A check to see if curl is installed and auto install it if needed should correct it.

eris · June 23, 2020, 6:00am

There is by default a check for curl

github.com

hestiacp/hestiacp/blob/ba804fa95f9a5bfe293d9a9c6e8e906211905f21/install/hst-install-ubuntu.sh#L35


# Define software versions
HESTIA_INSTALL_VER='1.2.0'
pma_v='5.0.2'
multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4")
fpm_v="7.3"
mariadb_v="10.4"

# Defining software pack for all distros
software="apache2 apache2.2-common apache2-suexec-custom apache2-utils
    apparmor-utils awstats bc bind9 bsdmainutils bsdutils clamav-daemon
    cron curl dnsutils dovecot-imapd dovecot-pop3d e2fslibs e2fsprogs exim4
    exim4-daemon-heavy expect fail2ban flex ftp git idn imagemagick
    libapache2-mod-fcgid libapache2-mod-php$fpm_v libapache2-mod-rpaf
    lsof mc mariadb-client mariadb-common mariadb-server nginx ntpdate
    php$fpm_v php$fpm_v-cgi php$fpm_v-common php$fpm_v-curl phpmyadmin
    php$fpm_v-mysql php$fpm_v-imap php$fpm_v-ldap php$fpm_v-apcu phppgadmin
    php$fpm_v-pgsql php$fpm_v-zip php$fpm_v-bz2 php$fpm_v-cli php$fpm_v-gd
    php$fpm_v-imagick php$fpm_v-intl php$fpm_v-json php$fpm_v-mbstring
    php$fpm_v-opcache php$fpm_v-pspell php$fpm_v-readline php$fpm_v-xml
    postgresql postgresql-contrib proftpd-basic quota roundcube-core
    roundcube-mysql roundcube-plugins rrdtool rssh spamassassin sudo hestia

How ever if curl and wget does not exists the file will refuse to download of course

github.com

hestiacp/hestiacp/blob/master/install/hst-install.sh

#!/bin/bash
# Hestia installation wrapper
# https://www.hestiacp.com

#
# Currently Supported Operating Systems:
#
#   Debian 9, 10
#   Ubuntu 16.04, 18.04, 20.04
#

# Am I root?
if [ "x$(id -u)" != 'x0' ]; then
    echo 'Error: this script can only be executed by root'
    exit 1
fi

# Check admin user account
if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ -z "$1" ]; then
    echo "Error: user admin exists"

This file has been truncated. show original

Raphael · June 23, 2020, 1:53pm

3 posts were split to a new topic: Some problems with 1.2.0 RC installation

kpv · June 23, 2020, 8:33pm

Today there was a flurry of commits to the Vesta CP github by dpeca, and some seem to be applicable to Hestia CP e.g. https://github.com/serghey-rodin/vesta/commit/d9e9c643699309594e8769a44ea8dd6e1e22e245

arktex54 · June 23, 2020, 10:50pm

I have been fighting this for hours… more and more errors. Never ending it seems.

Debian 10
after trying to enable ipset in GUI
had an error
went to terminal

root@hestia:/usr/local/vesta/bin# apt install ipset
Reading package lists... Done
Building dependency tree
Reading state information... Done
ipset is already the newest version (6.38-1.2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n]
Setting up apache2 (2.4.43-1+0~20200511.11+debian10~1.gbpdc0c89) ...
ERROR: Config file status.conf not properly enabled: /etc/apache2/mods-enabled/status.conf is a real file, not touching it
dpkg: error processing package apache2 (--configure):
 installed apache2 package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
 apache2
E: Sub-process /usr/bin/dpkg returned an error code (1)

root@hestia:/usr/local/vesta/bin# apt -f install
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up apache2 (2.4.43-1+0~20200511.11+debian10~1.gbpdc0c89) ...
ERROR: Config file status.conf not properly enabled: /etc/apache2/mods-enabled/status.conf is a real file, not touching it
dpkg: error processing package apache2 (--configure):
 installed apache2 package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
 apache2
E: Sub-process /usr/bin/dpkg returned an error code (1)

root@hestia:/etc/apache2/mods-available# apache2 --configure
[Tue Jun 23 17:32:56.207230 2020] [core:warn] [pid 2760] AH00111: Config variable ${APACHE_PID_FILE} is not defined
[Tue Jun 23 17:32:56.207761 2020] [core:warn] [pid 2760] AH00111: Config variable ${APACHE_RUN_USER} is not defined
[Tue Jun 23 17:32:56.207981 2020] [core:warn] [pid 2760] AH00111: Config variable ${APACHE_RUN_GROUP} is not defined
[Tue Jun 23 17:32:56.208221 2020] [core:warn] [pid 2760] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[Tue Jun 23 17:32:56.289736 2020] [core:warn] [pid 2760:tid 139852141139072] AH00111: Config variable ${APACHE_RUN_DIR} is not defined

root@hestia:/usr/local/hestia/bin# netstat -antp | grep -i apache
tcp        0      0 192.3.x.x:8443       0.0.0.0:*               LISTEN      1293/apache2
tcp        0      0 192.3.x.x:8080       0.0.0.0:*               LISTEN      1293/apache2
tcp        0      0 127.0.0.1:8081          0.0.0.0:*               LISTEN      1293/apache2

root@hestia:/usr/local/hestia/bin# apt install ipset
Reading package lists... Done
Building dependency tree
Reading state information... Done
ipset is already the newest version (6.38-1.2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Setting up apache2 (2.4.43-1+0~20200511.11+debian10~1.gbpdc0c89) ...
info: Executing deferred 'a2enconf javascript-common' for package javascript-common
ERROR: Conf javascript-common does not exist!
dpkg: error processing package apache2 (--configure):
 installed apache2 package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
 apache2
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@hestia:/usr/local/hestia/bin# apt install javascript-common
Reading package lists... Done
Building dependency tree
Reading state information... Done
javascript-common is already the newest version (11).
javascript-common set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n]
Setting up apache2 (2.4.43-1+0~20200511.11+debian10~1.gbpdc0c89) ...
info: Executing deferred 'a2enconf javascript-common' for package javascript-common
ERROR: Conf javascript-common does not exist!
dpkg: error processing package apache2 (--configure):
 installed apache2 package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
 apache2
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@hestia:/usr/local/hestia/bin# apt install javascript-common^C
root@hestia:/usr/local/hestia/bin# apache2 --configure
[Tue Jun 23 17:47:01.901054 2020] [core:warn] [pid 5197] AH00111: Config variable ${APACHE_PID_FILE} is not defined
[Tue Jun 23 17:47:01.901625 2020] [core:warn] [pid 5197] AH00111: Config variable ${APACHE_RUN_USER} is not defined
[Tue Jun 23 17:47:01.901880 2020] [core:warn] [pid 5197] AH00111: Config variable ${APACHE_RUN_GROUP} is not defined
[Tue Jun 23 17:47:01.902153 2020] [core:warn] [pid 5197] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[Tue Jun 23 17:47:01.955640 2020] [core:warn] [pid 5197:tid 139939131389056] AH00111: Config variable ${APACHE_RUN_DIR} is not defined
AH00543: apache2: bad user name ${APACHE_RUN_USER}
root@hestia:/usr/local/hestia/bin# journalctl -xe
Jun 23 17:46:19 hestia.example.com dbus-daemon[332]: [system] Activating via systemd: service name='org.freedesktop.PackageKit' unit='packagekit.servi
Jun 23 17:46:19 hestia.example.com systemd[1]: Starting PackageKit Daemon...
-- Subject: A start job for unit packagekit.service has begun execution
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit packagekit.service has begun execution.
--
-- The job identifier is 2506.
Jun 23 17:46:19 hestia.example.com PackageKit[5030]: daemon start
Jun 23 17:46:19 hestia.example.com dbus-daemon[332]: [system] Successfully activated service 'org.freedesktop.PackageKit'
Jun 23 17:46:19 hestia.example.com systemd[1]: Started PackageKit Daemon.
-- Subject: A start job for unit packagekit.service has finished successfully
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit packagekit.service has finished successfully.
--
-- The job identifier is 2506.
Jun 23 17:46:54 hestia.example.com apache2.postinst[5145]: Executing deferred 'a2enconf javascript-common' for package javascript-common

eris · June 23, 2020, 11:06pm

Again Vesta to Hestia without a clean install is not possible.

Lupu · June 23, 2020, 11:12pm

I hope that’s not a production server @arktex54

arktex54 · June 23, 2020, 11:13pm

Not really… just a play server with public IP.

arktex54 · June 23, 2020, 11:21pm

This is hestia v1.1 to v1.2. I don’t see any type of ipset in GUI or bin for myvesta. Two separate servers.

eris · June 23, 2020, 11:22pm

root@hestia:/usr/local/vesta/bin# apt install ipset

And

root@hestia:/usr/local/vesta/bin# apt -f install

Don’t see vesta folders on a clean install Hestia setup…

arktex54 · June 23, 2020, 11:27pm

It’s a symlink I use for keyboarding. Typing /usr/local/vesta/bin/ for years is natural. putty_2020-06-23_18-26-19

kpv · June 23, 2020, 11:27pm

Btw the “ipset” pkg should probably be added to the installer (as should the user-space “apparmor” pkg).

I find the combination of ipsets and certain iptables modules (e.g. hashlimit) to be invaluable in production Internet servers for taking “preventive” measures (since 60-80% of malicious traffic comes from specific countries).

eris · June 23, 2020, 11:32pm

Ipset and apparmor are allready in the new installer…

github.com

hestiacp/hestiacp/blob/master/install/hst-install-ubuntu.sh

#!/bin/bash

# Hestia Ubuntu installer v1.0

#----------------------------------------------------------#
#                  Variables&Functions                     #
#----------------------------------------------------------#
export PATH=$PATH:/sbin
export DEBIAN_FRONTEND=noninteractive
RHOST='apt.hestiacp.com'
GPG='gpg.hestiacp.com'
VERSION='ubuntu'
HESTIA='/usr/local/hestia'
LOG="/root/hst_install_backups/hst_install-$(date +%d%m%Y%H%M).log"
memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9])
hst_backups="/root/hst_install_backups/$(date +%d%m%Y%H%M)"
arch=$(uname -i)
spinner="/-\|"
os='ubuntu'
release="$(lsb_release -s -r)"

This file has been truncated. show original

arktex54 · June 23, 2020, 11:33pm

Here’s the primary and production server:
vivaldi_2020-06-23_18-33-07

arktex54 · June 23, 2020, 11:36pm

I installed that script today. It either didn’t install or something happened when the GUI wrote the conf files.

putty_2020-06-23_18-35-55

kpv · June 23, 2020, 11:38pm

@Lupu what would be the recommended method to use my own firewall rules on a Hestia server?

I usually install iptables-persistent with a custom iptables rule-set. Typically, I filter inbound traffic with geoIP ipsets, then use either hashlimit or recent modules block offenders. One could even add offender IPs to an ipset, see https://volkan.xyz/insane-iptables-examples-that-make-nearly-everything-possible/

PS: I haven’t used fail2ban since 2010 … It used to block offender IPs using a separate iptables rule for each IP, which resulted in huge rules.

Lupu · June 23, 2020, 11:44pm

@arktex54 It’s getting very difficult to follow your problem, please describe the steps one would have to do to reproduce your issue starting from a clean Debian10.

@kpv I would prefer to keep this thread focused on problems found when upgrading to Hestia v1.2.0 (which has support for ipset, blacklist and country wide lists)