I've read several threads some older - and am curious a customer can NOT get a static ip - and we have ddns working. but what needs to be done in ispconfig? can I run a nameserver (all those A records??) or do I have to depend on other ispconfig systems to A record to - the ddns address? are some ispconfig services not supported? i see note of a ddns module for ispconfig from 4 years ago. needed? or incorporated? I looked but see no tutorial 'Running ISPConfig3 server behind ddns' might be a good thing to add? or would you all laugh at someone attempting to do this? (with all the cloud server hacks - and I have 3 years of free experian credit monitoring from the Capital One credit card breach- folks are becoming less trusting of the cloud, no?) And anyone considering or have thoughts on running ispconfig from a starlink connected server? or is that a bridge too far? (or too high perhaps?)
If you want to update DNS records dynamically where the zone is hosted on an ISPConfig DNS server, then you can do such a zone update using the ISPConfig remote API. Alternatively you can put your zones on a DynDNS service. For the services that run on your ISPConfig server, it does not matter if your IP is static or dynamic. Its just about updating your DNS record. In general, it makes not much sense to run a server behind a dnymic IP in these days were cloud servers are available at such a low price. ISPConfig is a hosting control panel for internet service providers. There is not a single internet service provider that runs its data center behind a dynamic IP, so writing such a guide would not make any sense for ISPConfig. There are no cloud server hacks in any decent data center or provider and running your server on a dynamic IP makes it even more vulnerable to attacks as the infrastructure you run it on is not made for this and will not provide filters for that. Also, you won't be able to send email with a dynamic IP, so you would have to use a internet based email sending server or you need a second server in the internet to send emails. This makes even less sense for a server.
From what I understand DNS needs a static ip. Website ok if you do not mind the site will be down during the ip changes. Email ok if you do not mind not receiving emali during the ip changes. The other option is to use only the email storage of ispconfig (dovecot). Smtp we use some cloud offerings or setup one smtp on the cloud. Did I miss anything, community?
The only way to run dns services from a dynamic ip is using an external dynamic dns service. There are several free sevices out there. At your registrar you set the dns server for your domain to your dynamic dns hostname. (Keep in mind a dns zone needs at least 2 dns servers) Within ISPC you also need to use your dynamic dns hostname in your dns zone. Don't create A and or AAAA records but CNAMEs pointing to your dynamic dns hostname. That way you can run all other services besides dns from your dynamic ip too.
sorry I dont think I was being clear. I have a customer who cannot get a static ip but wants an inhome server for files/ website// emails. now ispconfig has been configured on the server. what services should I use or not use? for example, I can decide to not use it as a nameserver so that might eliminate some issues. webserver should be fine - as long as the website served is the default, correct? if we have more than one site how does the ddns route to the right apache site? nextcloud (for file serving) should be fine. how about email? will postfix/dovecot work behind ddns? how about let's encrypt? and any alterations needed in ispconfig configuration? I had already installed ispconfig before I installed the deb12 server, so I'm concerned I need to go back and make some changes? one other thing (yikes!) I seem to have forgotten the ssh root login. and fail2ban has banned me. does ispconfig have the ability from the dashboard to turn off fail2ban? or unban an ip? then I can keep trying to remember the password! LOL and if it does not would that not be a nice feature to add? thanks all!
Web server is the least problem, as there is no difference to using a static IP. Running your own DNS server on a dynamic IP is not recommended as mentioned before. You can run your own email server at home on a dynamic IP, but it will most likely not be able to send emails, so you need either a relay service or second server on the internet to send emails. When it comes to DNS, get a dyndns service for your domains. maybe you can use dndns for just one domain and use cname records on other domains, have not tested that. Maybe someone else can chime in and say if cnames can work here for additional domains.
A dyndns service and cname records on your domains pointing to your dyndns hostname should work for most services. Even to run your own dns you could use a dyndns service and set its hostname as dns server at your registrar (avoiding the need of glue records which cannot be dynamic). Though you need to set a minimum of 2 different dns servers. You will however always encounter outage on all services when your ip has changed as (dyn)dns needs time to update. The webserver selects the website to show based on url in the request. It has nothing to do with dyndns. As long as the requested url eventually points to the current dynamic ip (through the use of it being a cname pointing to the dyndns hostname) so the request can reach the webserver. Mail service will be the biggest issue. To properly function for sending mail you need reverse dns (among other things), which is next to impossible with dynamic ip's. Your only option is @till 's suggestion to use a relay service or a mailserver somewhere on the internet that you can use as relay/smarthost. Besides send issues you could very well encounter receive issues too. A whole lot of ISP block port 25 to their endusers, making it impossible to receive mail. Also blockage of port 25 to ip's outside of their network may very well be possible.
ok I have the server up behind ddns. say its xxx.ddns.net and I even installed nextcloud as an alias (xxx.ddns.net/nextcloud). and it works fine as http. (hanging it off 000-local so behind the 'default page'. but I want to have a couple of websites up on this server. I can put the DNS entries elsewhere so they point to xxx.ddns.net as a CNAME rather than an A record, right? how do I configure ispconfig to install the site on the ddns-behind-server? and how do I get an SSL - does lets encrypt work behind ddns? hmm. inquiring minds. I need https for obvious reasons - but https://xxx.ddns.net/nextcloud does not appear to work - no cert clearly. I put the nexctcloud folder under the 000-local.conf path so its /var/www/html/nextcloud. how to make it https? when I get a website working, i would like website/nextcloud to pull up nextcloud - the Alias /nextcloud command should work. happy thanksgiving!
This should likely work, yes. There is nothing special to do or configure. DDNS is just having an external IP that changes regularly. See the Let's Encrypt error FAQ if you want to know why Let's Encrypt is not issuing a cert. Also, take care to disable Let's encrypt and check if your system is behind a router, which is likely when you use DDNS. But that's all covered in the Let's Encrypt error FAQ, which you probably know as a longtime user of this forum So just read it and follow it step-by-step: https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/ Installing Nextcloud like this makes little sense on an ISPConfig system. Either install it properly on a website or use a Docker-based installation and create a proxy website in ISPconfig.
Only thing LE needs is to be able to connect to port 80 for the domains in the cert request so they can be verified. It doesn't matter if that server is behind ddns. Just as long as ddns is configured correctly and pointing to the current ip.