Multiple websites on Ubuntu server and IP creation

Discussion in 'Installation/Configuration' started by nzAndy, Jan 12, 2023.

  1. nzAndy

    nzAndy New Member

    Well I've gone around in circles for a week now and still can't get my head around what to do.
    I have at home a Dell server with Ubuntu 22.04 and the latest ISPConfig installed. I have 4 websites that are currently hosted on Bluehost servers, that I want to move to my home Dell server.
    I did a practice run with a spare registered domain (allpots.com). I made new custom nameservers ns1.allpots.com, ns2.allpots.com, and made an allpots.com website in ISPConfig, which I couldn't get working. I'm sure I did all the correct configurations in ISPConfig like client, website, dns, etc. Rather than rambling on I will list my most important questions of where I think the problem is:

    1: I think I need to generate an IP address in Ubuntu for each website? How can I do this?

    2: In Ubuntu how do I point/connect the new IP addresses to the domain names?

    3: Should the new website IP addresses be created from the server's main private IP, or the server's public IP address (a format example would be great)

    Hopefully I'm on the right track and thanks for any help!
     
    Last edited: Jan 12, 2023
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Usually this is not needed. So do not do it.
    ISPConfig uses name based resolution to point URL to website. Use * in all websites at the IP address setting.
    Is your server and name servers at your intranet, so there is NAT or similar between those and the public Internet?
    Your name servers indeed seem not working. My signature has link to DNS setup with ISPConfig tutorial.
     
    nzAndy and ahrasis like this.
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Choose just * in website settings and not an IP. In general, the public IP is used in DNS and the private IP is used in the website when your system is behind a NAT router.
     
    nzAndy and ahrasis like this.
  4. nzAndy

    nzAndy New Member

    thanks Taleman and Till,

    1: I read somewhere that https websites need a unique IP address?
    My public IP address is 58.169.XX.XX, I can use this for all the websites? (the gateway IP 192.168.XX.XX is not used?)

    2: thanks

    3: Sorry I should have said in the original post that I just deleted the allpots website in ISPConfig as I had chopped and changed so much I thought it better to start afresh again ... I guess that's why the name servers now are not showing to work (they previously had 5 locations on the DNS check). A DNS check for allpots now shows the A record showing up on 3 locations.

    So in summary, I use the server's public IP address in ISPConfig for all 4 websites
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    This was the case years ago but is not valid any more today. As mentioned, you select * in websites, and in DNS records, you choose the external IP of your router.
     
    nzAndy likes this.
  6. nzAndy

    nzAndy New Member

    Cheers, thanks for all your help!
     
  7. nzAndy

    nzAndy New Member

    I started from scratch again and made up an allpots.com website, database, DNS zone. I used the Namecheap domain basic nameservers.
    I still haven't managed to get the site to work. I ran a test script of which most is a mystery for me but I see at the top it says 'could not determine server's ip address by ifconfig'. I googled this and cleared the cache as advised, but no change
    Hopefully you can pick something up from the test script, cheers

    Code:
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Ubuntu 22.04.1 LTS
    
    [INFO] uptime:  09:50:05 up 54 min,  1 user,  load average: 0.04, 0.03, 0.05
    
    [INFO] memory:
                   total        used        free      shared  buff/cache   available
    Mem:            15Gi       1.8Gi        12Gi        64Mi       1.2Gi        13Gi
    Swap:          4.0Gi          0B       4.0Gi
    
    [INFO] systemd failed services status:
      UNIT                      LOAD   ACTIVE SUB    DESCRIPTION
    ● snap.lxd.activate.service loaded failed failed Service for snap application lxd.activate
    
    LOAD   = Reflects whether the unit definition was properly loaded.
    ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
    SUB    = The low-level unit activation state, values depend on unit type.
    1 loaded units listed.
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.9
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 8.1.14
    [INFO] php-cgi (used for cgi php in default vhost!) is version 8.1.14
    
    ##### PORT CHECK #####
    
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
            Apache 2 (PID 4651)
    [INFO] I found the following mail server(s):
            Postfix (PID 1925)
    [INFO] I found the following pop3 server(s):
            Dovecot (PID 1002)
    [INFO] I found the following imap server(s):
            Dovecot (PID 1002)
    [INFO] I found the following ftp server(s):
            PureFTP (PID 1723)
    
    ##### LISTENING PORTS #####
    (only           ()
    Local           (Address)
    ***.***.***.***:53              (835/systemd-resolve)
    [localhost]:10023               (1429/postgrey)
    [localhost]:53          (1065/named)
    [localhost]:53          (1065/named)
    [localhost]:53          (1065/named)
    [localhost]:53          (1065/named)
    [localhost]:953         (1065/named)
    [localhost]:953         (1065/named)
    [localhost]:953         (1065/named)
    [localhost]:953         (1065/named)
    [localhost]:11334               (1088/rspamd:)
    [localhost]:11333               (1088/rspamd:)
    [localhost]:11332               (1088/rspamd:)
    [anywhere]:4190         (1002/dovecot)
    ***.***.***.***:53              (1065/named)
    ***.***.***.***:53              (1065/named)
    ***.***.***.***:53              (1065/named)
    ***.***.***.***:53              (1065/named)
    [localhost]:11211               (914/memcached)
    [anywhere]:3306         (981/mariadbd)
    [anywhere]:587          (1925/master)
    [anywhere]:993          (1002/dovecot)
    [anywhere]:995          (1002/dovecot)
    [anywhere]:143          (1002/dovecot)
    [anywhere]:110          (1002/dovecot)
    [anywhere]:25           (1925/master)
    [anywhere]:21           (1723/pure-ftpd)
    [anywhere]:22           (1079/sshd:)
    [anywhere]:465          (1925/master)
    [localhost]:6379                (925/redis-server)
    *:*:*:*::*:6379         (925/redis-server)
    *:*:*:*::*53            (1065/named)
    *:*:*:*::*53            (1065/named)
    *:*:*:*::*53            (1065/named)
    *:*:*:*::*53            (1065/named)
    *:*:*:*::*:8080         (4651/apache2)
    *:*:*:*::*:8081         (4651/apache2)
    *:*:*:*::*:4190         (1002/dovecot)
    *:*:*:*::*3617:ebff:feef:53             (1065/named)
    *:*:*:*::*3617:ebff:feef:53             (1065/named)
    *:*:*:*::*3617:ebff:feef:53             (1065/named)
    *:*:*:*::*3617:ebff:feef:53             (1065/named)
    *:*:*:*::*:3306         (981/mariadbd)
    *:*:*:*::*:953          (1065/named)
    *:*:*:*::*:953          (1065/named)
    *:*:*:*::*:953          (1065/named)
    *:*:*:*::*:953          (1065/named)
    *:*:*:*::*:587          (1925/master)
    *:*:*:*::*:993          (1002/dovecot)
    *:*:*:*::*:995          (1002/dovecot)
    [localhost]43           (1002/dovecot)
    *:*:*:*::*:80           (4651/apache2)
    [localhost]10           (1002/dovecot)
    *:*:*:*::*:25           (1925/master)
    *:*:*:*::*:21           (1723/pure-ftpd)
    *:*:*:*::*:22           (1079/sshd:)
    *:*:*:*::*:465          (1925/master)
    *:*:*:*::*:443          (4651/apache2)
    *:*:*:*::*:53           (1065/named)
    *:*:*:*::*:53           (1065/named)
    *:*:*:*::*:53           (1065/named)
    *:*:*:*::*:53           (1065/named)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ufw-before-logging-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-before-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-logging-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-reject-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-track-input  all  --  [anywhere]/0            [anywhere]/0
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ufw-before-logging-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-before-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-logging-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-reject-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-track-forward  all  --  [anywhere]/0            [anywhere]/0
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ufw-before-logging-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-before-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-logging-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-reject-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-track-output  all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-after-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-after-input (1 references)
    target     prot opt source               destination
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:137
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:138
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:139
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:445
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:67
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:68
    ufw-skip-to-policy-input  all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    
    Chain ufw-after-logging-forward (1 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix
     "[UFW BLOCK] "
    
    Chain ufw-after-logging-input (1 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix
     "[UFW BLOCK] "
    
    Chain ufw-after-logging-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-after-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-forward (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ufw-user-forward  all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-before-input (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    DROP       all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp spt:67 dpt:68
    ufw-not-local  all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***          udp dpt:5353
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***      udp dpt:1900
    ufw-user-input  all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-before-logging-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-logging-input (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-logging-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-output (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-user-output  all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-logging-allow (0 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix
     "[UFW ALLOW] "
    
    Chain ufw-logging-deny (2 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID limit: avg 3/min burst 10
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix
     "[UFW BLOCK] "
    
    Chain ufw-not-local (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type LOCAL
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type MULTICAST
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10
    DROP       all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-reject-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-reject-input (1 references)
    target     prot opt source               destination
    
    Chain ufw-reject-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-skip-to-policy-forward (0 references)
    target     prot opt source               destination
    DROP       all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-skip-to-policy-input (7 references)
    target     prot opt source               destination
    DROP       all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-skip-to-policy-output (0 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-track-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-track-input (1 references)
    target     prot opt source               destination
    
    Chain ufw-track-output (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    
    Chain ufw-user-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-user-input (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:21
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:25
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:53
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:80
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:110
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:143
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:443
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:465
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:587
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:993
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:995
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:3306
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:4190
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8080
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8081
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 40110:40210
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:53
    
    Chain ufw-user-limit (0 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix
    "[UFW LIMIT BLOCK] "
    REJECT     all  --  [anywhere]/0            [anywhere]/0            reject-with icmp-port-unreachable
    
    Chain ufw-user-limit-accept (0 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-user-logging-forward (0 references)
    target     prot opt source               destination
    
    Chain ufw-user-logging-input (0 references)
    target     prot opt source               destination
    
    Chain ufw-user-logging-output (0 references)
    target     prot opt source               destination
    
    Chain ufw-user-output (1 references)
    target     prot opt source               destination
    
    
    
    
    ##### LET'S ENCRYPT #####
    acme.sh is installed in /root/.acme.sh/acme.sh
    
     
  8. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    that'll be because of the A records at namecheap....
    i know it says they're supposed to be created/active in around 30 minutes...
    i happened to be trying their basic dns on a domain yesterday and after several hours it still wouldn't resolve, even using nslookup directly against their own nameservers. i had set the ttl to 5 minutes... i then changed the ttl to automatic and the A records started resolving within minutes..

    neither allpots.com nor www.allpots.com are resolving...
    Code:
    nslookup allpots.com DNS1.REGISTRAR-SERVERS.COM
    Server:       DNS1.REGISTRAR-SERVERS.COM
    Address:   156.154.132.200#53
    
    *** Can't find allpots.com: No answer
    
    nslookup www.allpots.com DNS1.REGISTRAR-SERVERS.COM
    Server:       DNS1.REGISTRAR-SERVERS.COM
    Address:   156.154.132.200#53
    
    ** server can't find www.allpots.com: NXDOMAIN
    
    so you're probably experiencing the same thing..
    until dns is resolving, you're not going to be able to access a website by name, unless you add it to your local hosts file.
    letsencrypt certs will not work until dns is working.
     
    nzAndy likes this.
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    In addition to what @nhybgtvfr posted above, do not create a DNS zone in ISPConfig if DNS is hosted externally (in your case at namecheap). A DNS zone has to be created only when you run your own name servers.
     
    nzAndy likes this.
  10. nzAndy

    nzAndy New Member

    thanks nhybgtvfr, I suspect there is a server issue.
    There could also be a Namecheap nameserver issue also, as I'm running a home server I had to fill in the server name details, but I wasn't sure which IP address to enter, the server's local IP or the allpots website public address, any ideas?
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    I explained to you which IP to use in post #3 and a second time in post #5. Please reread these posts.
     
    nzAndy likes this.
  12. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    he may mean which ip to use for the dns records... that should always be the public ip.
     
    nzAndy likes this.
  13. nzAndy

    nzAndy New Member

    thanks Till, all previously understood from previous comments but I was referring to Namecheap instructions on the server connection where they want the host name and ip address ....
    My knowledge on all this is about 2 weeks old, just trying to catch up with it all!
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    Namecheap = DNS and I explained to you to use your public IP address for DNS. So, you use the public IP address at Namecheap.
     
    nzAndy likes this.
  15. nzAndy

    nzAndy New Member

    Cheers, I had done that but was not sure if I had done the right thing .... did you see anything in the test script that needs attending to?
     
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no issue on your server, according to the test script. As @nhybgtvfr pointed out, you cannot expect a website or Let's Encrypt SSL to work without resolving DNS records.
     
    nzAndy and ahrasis like this.
  17. nzAndy

    nzAndy New Member

    ok thanks for your help I will battle on, cheers!
     
  18. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    In #1 you wrote
    Yet you seem to be using Namecheap name servers.
    Which way are you trying to set up your system? Do not use both.
     
    nzAndy likes this.
  19. nzAndy

    nzAndy New Member

    yep, I deleted everything and started from scratch again, in case I had put a wrong item somewhere. I found it odd even after a few days I only had a few DNS sites propagated with the custom nameservers
    I went back to Namecheap basic nameservers and made another website etc and just had a few problems in the last hour or so, but with till's and nhybgtvfr's help have it sorted.
    The last issue just fixed was in Namecheap's DNS where I put allpots in the host name instead of @, but the website has connected up now so that's great! thanks to all!
     
  20. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I can see you are learning on how to run your server from home, like me, since about almost 20 years ago.

    Among the keys to run "home server" properly are the understanding of your given IP, which is normally a dynamic public IP and managing router's settings especially on how to set fixed local ip for your server and properly forward certain ports from it to your server.

    In my experience with dynamic IP, the use of a CNAME record with the dynamic DNS account to get to your home server is the best, rather than setting an A record in the DNS server of your choice, though it is also possible if automatic is supported, with certain level of difficulties.

    So my guess is you haven't done the above properly, and if so, my advice shall be:

    First, see if you already created a dynamic DNS account, paid or free, and set that up in your router or server to automatically update your home dynamic IP. If you have not done it yet, you must do that first.

    Note this service is also provided by public DNS provider like CloudFlare or GoogleDNS but I am not sure if Namecheap has this service available though I think it should.

    Secondly, set a fixed local IP for your server both in the router and in your server. Then forward all the relevant ports from the router to your server. Putting your server in the DMZ may also work but I do not prefer it and it may not be safe.

    Thirdly, if you did all of that properly, test your dynamic DNS account IP whether it has properly resolved to your home dynamic IP. If not yet, just wait until it does.

    Fourthly, test your dynamic IP account whether it is properly set up and will update IP change by shutting down your router for at least 5 minutes and restart it again. If the dynamic IP when changed is properly updated and resolved back to your home router, then you are good to run your server properly from home.
     
    nzAndy likes this.
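
The DNS checks discussed in posts #3, #8 and #20 (public IP in DNS, names must resolve, a CNAME to a dynamic DNS name must end at the router's current address), as an added example that is not part of any post in this thread. All host names, addresses and function names are constructed for illustration; it evaluates an inline record set rather than querying a real resolver, and goes slightly beyond the thread by also flagging carrier-grade NAT space.

```python
import ipaddress

# Ranges that must not be published in public DNS for a home-hosted site:
# RFC 1918 private space, loopback, link-local and RFC 6598 carrier-grade NAT.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",
)]

# Constructed sample data. 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for real public addresses.
ROUTER_PUBLIC_IP = "203.0.113.10"
RECORDS = {
    "home.ddns.example.": ("A", "203.0.113.10"),        # dynamic DNS name
    "site-a.example.": ("CNAME", "home.ddns.example."),
    "www.site-a.example.": ("CNAME", "site-a.example."),
    "site-b.example.": ("A", "192.168.1.50"),           # LAN IP published by mistake
    "site-c.example.": ("A", "198.51.100.7"),           # stale IP from an old lease
    "site-d.example.": ("CNAME", "loop.example."),
    "loop.example.": ("CNAME", "site-d.example."),
}


def resolve(name, records, max_hops=8):
    """Follow CNAMEs until an A record is found. Returns (ip_or_None, chain)."""
    chain = [name]
    for _ in range(max_hops):
        rec = records.get(name)
        if rec is None:
            return None, chain
        rtype, value = rec
        if rtype == "A":
            return value, chain
        if value in chain:              # CNAME points back into the chain
            return None, chain + [value]
        name = value
        chain.append(name)
    return None, chain


def check(name, records, expected_ip):
    """Classify one host name against the router's current public IP."""
    ip, chain = resolve(name, records)
    if ip is None:
        return "CNAME_LOOP" if len(chain) != len(set(chain)) else "NO_ANSWER"
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in NON_ROUTABLE):
        return "PRIVATE_IP_IN_DNS"      # only reachable from inside the LAN
    if addr != ipaddress.ip_address(expected_ip):
        return "STALE_OR_WRONG_IP"      # dynamic IP changed, record did not
    return "OK"


def audit(names, records=RECORDS, expected_ip=ROUTER_PUBLIC_IP):
    """Return {name: verdict} for every site that should reach the server."""
    return {n: check(n, records, expected_ip) for n in names}


if __name__ == "__main__":
    sites = ["www.site-a.example.", "site-b.example.", "site-c.example.",
             "site-d.example.", "missing.example."]
    for host, verdict in audit(sites).items():
        print(f"{host:24} {verdict}")
```

Any verdict other than `OK` means the web server's name-based virtual host and a Let's Encrypt HTTP validation for that name cannot be reached from the Internet, whatever the local configuration looks like.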