Cannot access DA panel or domain behind same ip.

[portalx]

Hello,

As mentioned in the post title, after the installation I can access the panel using the default domain provided by DirectAdmin.


However, once the installation is complete and the server reboots, I can no longer access the panel or any domains I add, if I'm connected from the same local network (LAN) or from any device within the network. It only works if I use my mobile data (5G) and access it from outside the network.


This is quite frustrating, and I can't proceed further.
What am I missing or doing wrong?


Thank you!

 

[zEitEr]

Hello,

Your IP must has been blocked. You will need to check a list of blocked IPs in DirectAdmin -> CSF/LFD plugin and unblock it.

Or you have an issue with network settings, and here we can not guess which settings you use: NAT, router, multiple IPs, etc.

What am I missing or doing wrong?

 

[portalx]

Hello zEitEr,

Thank you for your reply. There’s nothing being blocked by the CSF firewall — I’m also using this firewall on my other servers without any issues. The csf.deny list is empty.

The server is running inside a VPS hosted on Proxmox. For testing purposes, it is currently placed in front of the router with only the necessary ports (80, 443, 2222) open to allow access.
I haven’t opened the other required ports (993, 995, 465, etc.) yet, as I still need to complete the setup.

As I mentioned before, the server is accessible via mobile connections (4G/5G).

All the devices behind the router cannot access it by domain (http(s)://sub.domain.ltd, Only by ip (192.168.1.54).

Thank you

 

[zEitEr]

The csf.deny list is empty.

It is populated with IP permanently blocked only. CSF/LFD uses another file for listing temporary blocked IPs.

Anyway, I'm not the one who you need to persuade that everything is correct. Going this way you will loose the point and time.

I don't know your setup and am just guessing what might be wrong (and I hate playing guess games). You know your setup and have an access to the server.

I might only give some ideas to check:

1. Link LAN ip to External IP: https://docs.directadmin.com/other-...for-local-ips.html#link-lan-ip-to-external-ip
2. check logs, check pings, check network settings.
3. disable CSF/LFD temporary and see whether or not you have a good result.
4. open a ticket with DA support, if your license includes the official support
5. hire somebody to check it for you

 

[portalx]

Thank you for your answer, I will check the above and hope to found solution.

 

[DrWizzle]

Hello zEitEr,

Thank you for your reply. There’s nothing being blocked by the CSF firewall — I’m also using this firewall on my other servers without any issues. The csf.deny list is empty.

The server is running inside a VPS hosted on Proxmox. For testing purposes, it is currently placed in front of the router with only the necessary ports (80, 443, 2222) open to allow access.
I haven’t opened the other required ports (993, 995, 465, etc.) yet, as I still need to complete the setup.

As I mentioned before, the server is accessible via mobile connections (4G/5G).

All the devices behind the router cannot access it by domain (http(s)://sub.domain.ltd, Only by ip (192.168.1.54).

Thank you

I've just seen this and I had a similar problem. I too use Proxmox on a Poweredge server on my local network for testing and expose each instance I build to the internet via a DMZ on my router. When I install I can access the server from the local lan, for example 10.0.88.2:2222 to login and then setup, but like you i'm unable to login with a subdomain or the servers hostname.

The way I do it is as follows:

Before I install, I will set the env variables:

export DA_NS1="ns0.domain.co.uk"
export DA_NS2="ns1.domain.co.uk"
export DA_HOSTNAME="da.domain.co.uk"
export DA_EMAIL="[email protected]"

This helps as i'm not setting nameservers etc in the admin panel after. I wait for the install to finish and then login. I will use the local lan address followed by the api created by custombuild to get started. For example, custombuild will report

To login now, follow this URL:

        http://da.domain.co.uk:2222/api/login/url?key=i74QWPZO84I-6hPapSWwLCxaneTJ3-72

but that won't work as DirectAdmin hasn't yet created an A record in the DNS for that domain. In fact DA hasn't created any DNS record, i've found, until you create the first domain in the admin account and then it will create the nameservers as set in the env variables earlier to satisfy BIND along with the matching DNS record.

So, I login via an amended url (for example)

 http://10.0.88.2:2222/api/login/url?key=i74QWPZO84I-6hPapSWwLCxaneTJ3-72

I then go across to the IP address management and make sure all the IPs i'm using appear (in case I want to use IPv6). I then add the main domain for the server in the admin account, pop across to DNS management and add the A record for the server hostname and any other subdomains/records I need and activate the admin SSL. Once that's all done, I can login to the control panel with the hostname/subdomain desired without using the lan address, 5G or a VPN. By this stage it's also protected with an SSL cert.

I hope I haven't read your problem wrong and this helps!

 

[Richard G]

In fact DA hasn't created any DNS record, i've found,

The hostname issue again. To me that is a a bug. If you specify the hostname then a hostname entry in DNS adminstration should be made including A records and entry's in the /etc/virtual directory for the hostname.

 

[DrWizzle]

The hostname issue again. To me that is a a bug. If you specify the hostname then a hostname entry in DNS adminstration should be made including A records and entry's in the /etc/virtual directory for the hostname.

To be fair, i've never actually checked upon a fresh install inside /etc/virtual for the hostname. I know i'll always set the hostname in /etc/hosts and /etc/hostname before I install as it does help.

A really nice feature would be if you were able to set an env variable before running the install script, (if it's not already a feature I don't know about) that was simply the domain for the admin account, I mean you're able to specify the admin email upfront, along with the hostname and 2 nameservers so why not have another variable for the domain. That way, you could have the DNS record created off the bat for the admin account and when it gets to the TLS certificate issuance part of the install script, it won't fail as it always does. Again, i'm sure there's ways around this, but everyone likes simplicity

 

[portalx]

Thank you all for your helpful answers!


Because of my current workload, I’ve had to shut the project down for now.

When I have more time, I’ll spin up a new VPS and give it another try—hopefully with better results.

Compared with panels like Plesk, this one still needs quite a bit of work, but I enjoy experimenting and hope to find a solid solution.


Thanks again, everyone!

 

[Richard G]

I know i'll always set the hostname in /etc/hosts and /etc/hostname before I install as it does help.

I do that too but still DA has the bug (or at least still at the beginning of this year) that no hostname entry was made in DNS administration, or hostname was made but no /etc/virtual/server.domain.com entry. I don't remember exactly but it was either one or both of these. Probably because of missing domain name.
So it would ben nice to also have a variable for domain name yes.

Compared with panels like Plesk, this one still needs quite a bit of work

Depends in a normal sitaution (so not on a LAN) it's quite easy. Also a bit more work maybe then others, but that's why others cost double.

 

[DrWizzle]

I do that too but still DA has the bug (or at least still at the beginning of this year) that no hostname entry was made in DNS administration, or hostname was made but no /etc/virtual/server.domain.com entry. I don't remember exactly but it was either one or both of these. Probably because of missing domain name.
So it would ben nice to also have a variable for domain name yes.

Indeed. I might try a test install later, but before installing DA, I might install bind9 and create the /etc/bind/zones folder and put in a zone file for the admin domain. I want to see if the TLS cert goes through fine for the admin domain. Only issue I can see is that I would then have to delete the zone file once DA is installed and then "add the domain" to the admin account. I've found in the past if I have a DNS only record for a domain and then want to create an account for the domain, DA doesn't like it and refuses to add the account. Another bug maybe?

Compared with panels like Plesk, this one still needs quite a bit of work, but I enjoy experimenting and hope to find a solid solution.


Thanks again, everyone!

No worries, but as @Richard G has said, the price reflects the offerings. The bonus I find with this platform is its constantly being built on/improved and maintained by a very active, knowledgeable community and I really like the challenge now and then, and enjoy joining in where I can here. I've used other platforms before now and the support is not what you would call very helpful. I've seen a few angry beavers on here, but i'm really happy with everything here.

 

[Richard G]

I've found in the past if I have a DNS only record for a domain and then want to create an account for the domain, DA doesn't like it and refuses to add the account. Another bug maybe?

No I think this is part of the same bug. You have to create the domain first and then create a solo DNS record. Or create a solo DNS record but if you afterwards create a domain it could cause a conflict with DNS records, so probably it's refused for that reason. But I'm not sure, I never tested that this way before.
I do however know that I can not set a DKIM record for my hostname DNS record if I don't also create the domain name the hostname record would belong to. I think that is all connected some how.

 

[DrWizzle]

No I think this is part of the same bug. You have to create the domain first and then create a solo DNS record. Or create a solo DNS record but if you afterwards create a domain it could cause a conflict with DNS records, so probably it's refused for that reason. But I'm not sure, I never tested that this way before.
I do however know that I can not set a DKIM record for my hostname DNS record if I don't also create the domain name the hostname record would belong to. I think that is all connected some how.

Quite possibly. I'm just wondering where it will all end with email security DNS records. DKIM, SPF, DMARC and now theres BIMI (if you've got a trademark). I like the idea of BIMI but also think it's just a bit too fancy having your logo in someone's inbox

 

[zEitEr]

I've found in the past if I have a DNS only record for a domain and then want to create an account for the domain, DA doesn't like it and refuses to add the account. Another bug maybe?

DirectAdmin won't allow to add a domain if it exists in DNS on the same server. It is a designed behaviour.

The same is true for the installation process. Why would directadmin remove DNS zones from named.conf at the moment of the installation?

 

[DrWizzle]

The same is true for the installation process. Why would directadmin remove DNS zones from named.conf at the moment of the installation?

Wouldn't be asking DA to remove a zone file at the point of installation though. My point was if no zone file exists when DA installs, the TLS cert can't be issued as it tries to. If I added a zone file before the installation to satisfy the DNS requirements, I would have to remove it myself before DA was able to create an admin account for the domain as DA won't let you add a hosting account if the DNS zone exists.

Anyhow, ignoring all the above here, my main point was it would be nice if DA created a zone file and a matching admin hosting account all in one foul swoop for the admin domain, setting up a basic 'one size fits all' hosting account you can tweak later, along with all the nameservers, TLS etc. from a single domain variable set before installation.

 

[zEitEr]

In my practise if a client has more than 1 server, they use either remote Nameservers or a DirectAdmin cluster (multiserver setup for DNS). Directadmin probably could ask for credentials to connect to a cluster at the installation time, but it is no use for remote DNS servers which are not connected to Directadmin server at all.

What you ask is rather a rare case, but if you really want it to be implemented, then you are welcome to post a feature request.

But again, I don't work for Directadmin and I am no way a choice maker of them.

 

[DrWizzle]

In my practise if a client has more than 1 server, they use either remote Nameservers or a DirectAdmin cluster (multiserver setup for DNS). Directadmin probably could ask for credentials to connect to a cluster at the installation time, but it is no use for remote DNS servers which are not connected to Directadmin server at all.

What you ask is rather a rare case, but if you really want it to be implemented, then you are welcome to post a feature request.

But again, I don't work for Directadmin and I am no way a choice maker of them.

Cheers @zEitEr , might do that. I totally understand what you are saying about larger organisations and remote nameservers etc; and it would be of no benefit to these guys, that's why I was saying about an optional variable on installation.

Use case scenario would benefit users of smaller organisations who use only 1 server, and would definitely benefit new users and people purchasing the personal plus licences who would typically only have 1 or 2 domains. Also resold licences for VPS etc. Although I rent servers in datacentres, I don't have huge clusters yet

On another note, out of curiousity, would be interesting to see the volume of licences sold/in use for each type.

 

[zEitEr]

I would never suggest using nameservers hosted on the same directadmin server even for small companies and hobbies.

On another note, out of curiousity, would be interesting to see the volume of licences sold/in use for each type.

I believe it is a commercial secret, and you will need to be hired by DirectAdmin to get these details)