ISPConfig defect after several updates and pihole-installation

Discussion in 'General' started by Soenke, Oct 15, 2022.

  1. Soenke

    Soenke New Member

    These forums helped me several times, just by reading or following the guides. I hope this time you can give some direct advice:

    I've got a small home server (Intel NUC i5), running Debian Buster. I host some static webpages, getting the redirection from Hetzner, of which only one is "productive".

    I tried to install pihole, to have some additional use of the box, including lighttpd. pihole couldn't start its own nameserver, as bind occupied port 53.
    As I guess I don't need bind, I disabled it in ISPConfig. Anyway, the port is still used by named and named is still running.
    I started an update of ISPConfig (being root by "su", not "su -"), answering the questions to stop several services, which were running, with the default "yes".

    After updating ISPConfig, the backend was not reachable anymore (connection refused).
    The hosted sites were still reachable (maybe due to cache or DNS delay, I don't know).

    I uninstalled pihole and lighttpd, purged nginx and reinstalled it, ran the ISPConfig update with --force (this time with "su -") and answered the questions to activate the services with "yes". I still can't reach the ISPConfig backend, and the hosted sites now show the nginx default page.

    I copied the working backups of etc and the ISPConfig software to the original locations; no change.

    I didn't copy the SQL backup yet, because I'm not sure how to perform this in a failsafe way. I'd delete the actual DB (having done a backup) and load the working backup, but I'm not sure if that's the right way.

    I'm stuck now.

    No LSB modules are available.
    Distributor ID: Debian
    Description: Debian GNU/Linux 10 (buster)
    Release: 10
    Codename: buster

    PHP 7.3.31-1~deb10u1 (cli) (built: Oct 24 2021 15:18:08) ( NTS )
    Copyright (c) 1997-2018 The PHP Group
    Zend Engine v3.3.31, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.3.31-1~deb10u1, Copyright (c) 1999-2018, by Zend Technologies

    mariadb and nginx

    The test script reports:
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Debian GNU/Linux 10 (buster)
    [INFO] uptime:  12:39:22 up 1 day, 14:40,  1 user,  load average: 0,15, 0,21, 0,19
    [INFO] memory:
                  total        used        free      shared  buff/cache   available
    Mem:          7,7Gi       362Mi       6,2Gi        57Mi       1,2Gi       7,0Gi
    Swap:         7,9Gi          0B       7,9Gi
    [INFO] ISPConfig is installed.
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.8p2
    ##### VERSION CHECK #####
    [INFO] php (cli) version is 7.3.31-1~deb10u1
    [INFO] php-cgi (used for cgi php in default vhost!) is version 7.3.31
    ##### PORT CHECK #####
    [WARN] Port 8080 (ISPConfig) seems NOT to be listening
    [WARN] Port 443 (Webserver SSL) seems NOT to be listening
    ##### MAIL SERVER CHECK #####
    [INFO] I found the following web server(s):
            Unknown process (nginx:) (PID 26238)
    [INFO] I found the following mail server(s):
            Postfix (PID 2213)
    [INFO] I found the following pop3 server(s):
            Dovecot (PID 2220)
    [INFO] I found the following imap server(s):
            Dovecot (PID 2220)
    [INFO] I found the following ftp server(s):
            PureFTP (PID 2255)
    ##### LISTENING PORTS #####
    Server)         ()
    Local           (Address)
    [anywhere]:110          (2220/dovecot)
    [anywhere]:143          (2220/dovecot)
    [anywhere]:80           (26238/nginx:)
    [anywhere]:10000                (1113/perl)
    [anywhere]:465          (2213/master)
    [anywhere]:8081         (26238/nginx:)
    ***.***.***.***:53              (2263/named)
    [localhost]:53          (2263/named)
    [anywhere]:21           (2255/pure-ftpd)
    [anywhere]:22           (639/sshd)
    [localhost]:953         (2263/named)
    [anywhere]:25           (2213/master)
    [anywhere]:993          (2220/dovecot)
    [anywhere]:995          (2220/dovecot)
    [anywhere]:587          (2213/master)
    [localhost]:11211               (618/memcached)
    [localhost]10           (2220/dovecot)
    [localhost]43           (2220/dovecot)
    *:*:*:*::*:80           (26238/nginx:)
    *:*:*:*::*:465          (2213/master)
    *:*:*:*::*:8081         (26238/nginx:)
    *:*:*:*::*:53           (2263/named)
    *:*:*:*::*:21           (2255/pure-ftpd)
    *:*:*:*::*:22           (639/sshd)
    *:*:*:*::*:953          (2263/named)
    *:*:*:*::*:25           (2213/master)
    *:*:*:*::*:993          (2220/dovecot)
    *:*:*:*::*:995          (2220/dovecot)
    *:*:*:*::*:3306         (1928/mysqld)
    *:*:*:*::*:587          (2213/master)
    ##### IPTABLES #####
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ufw-before-logging-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-before-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-logging-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-reject-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-track-input  all  --  [anywhere]/0            [anywhere]/0
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ufw-before-logging-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-before-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-logging-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-reject-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-track-forward  all  --  [anywhere]/0            [anywhere]/0
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ufw-before-logging-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-before-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-logging-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-reject-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-track-output  all  --  [anywhere]/0            [anywhere]/0
    Chain ufw-before-logging-input (1 references)
    target     prot opt source               destination
    Chain ufw-before-logging-output (1 references)
    target     prot opt source               destination
    Chain ufw-before-logging-forward (1 references)
    target     prot opt source               destination
    Chain ufw-before-input (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    DROP       all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp spt:67 dpt:68
    ufw-not-local  all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***          udp dpt:5353
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***      udp dpt:1900
    ufw-user-input  all  --  [anywhere]/0            [anywhere]/0
    Chain ufw-before-output (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-user-output  all  --  [anywhere]/0            [anywhere]/0
    Chain ufw-before-forward (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ufw-user-forward  all  --  [anywhere]/0            [anywhere]/0
    Chain ufw-after-input (1 references)
    target     prot opt source               destination
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:137
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:138
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:139
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:445
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:67
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:68
    ufw-skip-to-policy-input  all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    Chain ufw-after-output (1 references)
    target     prot opt source               destination
    Chain ufw-after-forward (1 references)
    target     prot opt source               destination
    Chain ufw-after-logging-input (1 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    Chain ufw-after-logging-output (1 references)
    target     prot opt source               destination
    Chain ufw-after-logging-forward (1 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    Chain ufw-reject-input (1 references)
    target     prot opt source               destination
    Chain ufw-reject-output (1 references)
    target     prot opt source               destination
    Chain ufw-reject-forward (1 references)
    target     prot opt source               destination
    Chain ufw-track-input (1 references)
    target     prot opt source               destination
    Chain ufw-track-output (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    Chain ufw-track-forward (1 references)
    target     prot opt source               destination
    Chain ufw-logging-deny (2 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID limit: avg 3/min burst 10
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    Chain ufw-logging-allow (0 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
    Chain ufw-skip-to-policy-input (7 references)
    target     prot opt source               destination
    DROP       all  --  [anywhere]/0            [anywhere]/0
    Chain ufw-skip-to-policy-output (0 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    Chain ufw-skip-to-policy-forward (0 references)
    target     prot opt source               destination
    DROP       all  --  [anywhere]/0            [anywhere]/0
    Chain ufw-not-local (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type LOCAL
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type MULTICAST
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10
    DROP       all  --  [anywhere]/0            [anywhere]/0
    Chain ufw-user-input (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 80,443 /* 'dapp_Nginx%20Full' */
               tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22 ctstate NEW recent: SET name: DEFAULT side: source mask: ***.***.***.***
    ufw-user-limit  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22 ctstate NEW recent: UPDATE seconds: 30 hit_count: 6 name: DEFAULT side: source mask: ***.***.***.***
    ufw-user-limit-accept  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8080
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:10000
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:21
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:7777
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8777
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:9777
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:27900
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:7778
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:7779
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:7779
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:7778
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:7777
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:27900
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:8777
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:9777
    DROP       all  --  [anywhere]/0            ***.***.***.***
    Chain ufw-user-output (1 references)
    target     prot opt source               destination
    Chain ufw-user-forward (1 references)
    target     prot opt source               destination
    Chain ufw-user-logging-input (0 references)
    target     prot opt source               destination
    Chain ufw-user-logging-output (0 references)
    target     prot opt source               destination
    Chain ufw-user-logging-forward (0 references)
    target     prot opt source               destination
    Chain ufw-user-limit (1 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    REJECT     all  --  [anywhere]/0            [anywhere]/0            reject-with icmp-port-unreachable
    Chain ufw-user-limit-accept (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    ##### LET'S ENCRYPT #####
    [WARN] You have both certbot and installed. This can lead to problems.
    Certbot: /usr/bin/letsencrypt /root/
  2. Soenke

    Soenke New Member

    I got a bit further by copying later backups of the vhosts:
    The sites are available again, so the pressure is much lower now.
    The ISPConfig backend now answers with 502 Bad Gateway.
    Another forced update of ISPConfig tells me that PHP couldn't be activated... searching for the reason.
    This seems to be the problem: ERROR: [pool web8] cannot get uid for user 'web8'

    Deleted the old vhost and pool.d entry (belonging to web8, copied from the backup); now it's working again.
    I'll check if things are OK now, but not today...
    Last edited: Oct 15, 2022
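A small check for the cause found in the post above (a PHP-FPM pool whose user no longer exists, which keeps php-fpm from starting and leaves nginx answering 502), written here as an added example; it is not code from the thread or from ISPConfig. It assumes POSIX sh with getent (or /etc/passwd and /etc/group as fallback), a constructed pool.d directory with a hypothetical pool 'web8' and group 'client1', and that on Debian 10 with PHP 7.3 the real pool directory is /etc/php/7.3/fpm/pool.d.

```shell
#!/bin/sh
# Added example (not from the thread or ISPConfig): find PHP-FPM pools whose
# "user =" or "group =" no longer resolves. Such a pool stops php-fpm from
# starting ("cannot get uid for user 'web8'"), so nginx answers 502.

# name_exists DB NAME: DB is "passwd" or "group". getent covers NSS sources
# (e.g. LDAP); fall back to the flat files where getent is missing.
name_exists() {
    if command -v getent >/dev/null 2>&1; then
        getent "$1" "$2" >/dev/null 2>&1
    else
        grep -q "^$2:" "/etc/$1"
    fi
}

# pool_value FILE KEY: value of the first uncommented "KEY = value" line.
pool_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:];]*\).*/\1/p" "$1" | head -n 1
}

# check_pool_users DIR: print one line per unresolvable user/group and
# return 1 if any pool is stale, 0 if every pool's user and group exist.
check_pool_users() {
    bad=0
    for pool in "$1"/*.conf; do
        [ -f "$pool" ] || continue
        u=$(pool_value "$pool" user)
        g=$(pool_value "$pool" group)
        if [ -n "$u" ] && ! name_exists passwd "$u"; then
            echo "$(basename "$pool"): user '$u' does not exist"
            bad=1
        fi
        if [ -n "$g" ] && ! name_exists group "$g"; then
            echo "$(basename "$pool"): group '$g' does not exist"
            bad=1
        fi
    done
    return "$bad"
}

# make_sample_pools: constructed pool.d directory for the demo. 'root' exists
# everywhere; 'web8'/'client1' are hypothetical (a deleted site user/group).
make_sample_pools() {
    d=$(mktemp -d)
    printf '[www]\nuser = root\ngroup = root\nlisten = /run/php/www.sock\n' > "$d/www.conf"
    printf '[web8]\nuser = web8\ngroup = client1\nlisten = /run/php/web8.sock\n' > "$d/web8.conf"
    echo "$d"
}

# Demo on the constructed directory; on a real Debian 10 / PHP 7.3 box the
# directory is assumed to be /etc/php/7.3/fpm/pool.d.
SAMPLE=$(make_sample_pools)
check_pool_users "$SAMPLE" || echo "stale pool(s) found, php-fpm will refuse to start"
```

Removing or fixing the stale pool file (as done in the post) and restarting php-fpm is the repair; the check just tells you which file to look at before the service refuses to start.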
  3. Soenke

    Soenke New Member

    Everything seems to be fine again.

    pihole also works without lighttpd out of the box (using the installed nginx). Bind disabled, of course.
    The webserver user should be a member of the group pihole, but for now it seems to work without any changes; just in case anybody stumbles upon something similar.

    Oh, and I guess the main problem was the ISPConfig update as "su". The vhost configs started with "listen 8081 ssl http2;", which looks like an apache2 config. The latest backups without the http2 entry did most of the trick.
    Last edited: Oct 16, 2022