ISPConfig and IP Failover configuration

Discussion in 'Installation/Configuration' started by HitoDev, Sep 24, 2021.

Tags:
  1. HitoDev

    HitoDev Member

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You don't have to add it anywhere in ISPConfig. Just take care to use * in the IPv4 field of the websites.
     
  3. I have an IPv4 failover for each of my servers. What I did was, the moment I had ISPC set up and running, to add the failover IP in System->Server IP addresses . There I also decided to disable the primary IP of the server, since I'm only using my failover IP, but this step is optional.

    Be aware that some outgoing services, most notably postfix, might use both IPs indiscriminately, and you might not want that behavior when using SPF and DKIM. In my case I just had to tell postfix only use my desired outbound addresses with:

    smtp_bind_address = your_failover_IPv4_address
    smtp_bind_address6 = your_IPv6_address_if_you_use_one

    EDIT: Next sentence in italic is compeltely wrong. Please ignore it: Keep in mind that these settings will be lost when you upgrade your ISPC installation. It would be a simple and nice addition to have this integrated in the ISPC panel but adding them after every update is not a big deal either.
     
    Last edited: Sep 28, 2021
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    You sure about that? From memory, I don't think ispconfig uses those settings currently.
     
    Ignacio Garcia likes this.
  5. Oh, you're right. My mistake. Editing it now
     
  6. HitoDev

    HitoDev Member

    Hello
    Thank you for replies and your recommendation.
    Switching from IPSC server to another seems to work but there is a problem with LE certs.

    But :
    – One domain get the wrong certs
    – After a renewing attempt (by checking/unchecking Let's Encrypt SSL checkbox) I get :
    SSL_ERROR_RX_TOO_LONG

    -- Some website have IPV6 DNS should I disabled it ?
    -- There are some secondary DNS configured in SoYouStart manager (pointing to the active server IP, not the IPFO IP)
    -- Also I don't know if to have LE cert enabled on the two servers with the same domains can be a problem, or not ?

    -- Currently I didn't put the IPFO anywhere in ISPC
     
    Last edited: Oct 12, 2021
  7. HitoDev

    HitoDev Member

    Your two ISPC instances has only your IPFO in system settings in System > IP adresses ?
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    As I mentioned in #2, the best way is to not set IPs there, just use * in the website settings.
     
    ahrasis likes this.
  9. HitoDev

    HitoDev Member

    * fir IP address both
    in site settings and server settings ?
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Just in site settings. The IP in server settings does not really matter as automatic network device configuration is off by default and you should keep it in the off state.
     
  11. HitoDev

    HitoDev Member

    Thank you for your replies.
    Regarding LE certs I don't know exactly if I can keep LE certs enabled on the backup server -- and if changes on the backup server regarding LE certs can have an impact on the production server. Certs files are generated on each servers but I don't know if cert status or other certs related data are recorded elsewhere...
     
  12. HitoDev

    HitoDev Member

    Thanks for your replies.
    In the SouYoustart manager it is possible to add secondary DNS but domains can only be linked to physical servers names/IPs, not to the IPFO IP itself.
    Should I define DNS entries for the active (main server) or remove all secondary DNS here ?
    2021-11-09 10_32_31-So You Start - Iron.jpg
     

Share This Page