Cannot get DirectAdmin to install. (Debian 11)

realcryptonight

Verified User
Joined
Nov 16, 2019
Messages
360
Hello everyone and @DirectAdmin Support,

I am trying to get DirectAdmin to install on my Debian 11 VPS, but everytime it installs CSF, I lose the SSH connection and the installation stops.
The server is clean and the OS has nothing installed besides the required software to run DirectAdmin.
I have also waited at least 30 minutes but this should not be required since I told the install script to keep custombuilds in the foreground.

My pre-install commands:
apt -y update
apt -y upgrade
apt -y install gcc g++ make flex bison openssl libssl-dev perl perl-base perl-modules libperl-dev libperl4-corelibs-perl libwww-perl libaio1 libaio-dev zlib1g zlib1g-dev libcap-dev cron bzip2 zip automake autoconf libtool cmake pkg-config python libdb-dev libsasl2-dev libncurses5 libncurses5-dev libsystemd-dev bind9 dnsutils quota patch logrotate rsyslog libc6-dev libexpat1-dev libcrypt-openssl-rsa-perl libnuma-dev libnuma1

# Get the server IP for reverse DNS lookup.
serverip=`hostname -I | awk '{print $1}'`

# Get server hostname from reverse DNS lookup.
serverhostname=`dig -x ${serverip} +short | sed 's/\.[^.]*$//'`

# Get just the domain name.
domainhostname=`echo $serverhostname | sed 's/^[^.]*.//g'`

# NS hostnames.
ns1host="ns1.${domainhostname}"
ns2host="ns2.${domainhostname}"

# Set some variables to let DirectAdmin install correctly.
export DA_CHANNEL=current
export DA_HOSTNAME=$serverhostname
export DA_NS1=$ns1host
export DA_NS2=$ns2host
export DA_FOREGROUND_CUSTOMBUILD=yes
export mysql_inst=mysql
export mysql=8.0

# Download and run the DirectAdmin install script.
wget -O directadmin.sh https://download.directadmin.com/setup.sh
chmod 755 directadmin.sh
./directadmin.sh $1

This is the output from the DirectAdmin install script (And after this putty will timeout after 5 minutes):
Installing CSF...
######################################################################### 100.0%
Adding tcp|out|u=0 to csf.allow and iptables ACCEPT...
iptables: No chain/target/match by that name.
ACCEPT tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 owner UID match 0
Adding udp|out|u=0 to csf.allow and iptables ACCEPT...
iptables: No chain/target/match by that name.
ACCEPT udp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 owner UID match 0

For anyone who want to also take a look at the custombuilds install.txt file, it can be viewed at: https://cdn.realcryptonight.dev/realcryptonight_install.txt

Does anyone have an idea why this is happening (And not on installer versions from like 2 months ago) and how to fix it?
If you need more info please let me know. So that I can give it.
 

realcryptonight

Verified User
Joined
Nov 16, 2019
Messages
360
try:
export DA_SKIP_CSF=true
till DA-support check/solve this.
I understand that it will fix the issue of not getting the installation to complete.
But it also leaves a massive security hole as it will completely not install the firewall.

I do not need the server up and running right away but getting it working again within a couple of days would be my goal.
And I also have made the post to let DirectAdmin know this is happening and to maybe check if this is a wide(r) spread issue.
 

Zhenyapan

Verified User
Joined
Feb 23, 2018
Messages
1,579
Location
UA
I mean you can install firewall after DA complete installation, maybe something changed in last debian release that broke CSF?
try install previous version. debian 11.5 was released 10 Sept, so can you try 11.4 - this will help to find where is problem.
 

fln

Administrator
Staff member
Joined
Aug 30, 2021
Messages
445
Just tried a fresh Debian 11 install and everything seems to be working fine. One attempt running installer over SSH logged in as root, and one attempt running installer over SSH logged in as normal user + sudo to become root.. In both cases CSF installation did not disrupt SSH connection.

Maybe your server has pre-existing firewal or iptables rules that combined with whatever CSF does at install time ends up in a state where you get locked out. You can quickly check it by running iptables-save before installation.
 

realcryptonight

Verified User
Joined
Nov 16, 2019
Messages
360
I just tried to run that command but got a command not found message. (As I expected since as far as I know my VPS hoster just installs debian 11 without ay extra packages.)

And with that try I got an license issue page on the website due to me not adding the ipv6 address to the allowed IP lists.
Then I reinstalled Debian 11 and tried it again but still the same result but with an login page to the panel.

I have also noticed that when I go to My Licenses on directadmin.com that the active has a red cross instead of a green checkmark.
But when I go to the license details I see a green checkmark by active and red crosses by expiry and support.
And I have so noticed that my other DA server still display that the license is valid till 2022-10-05 18:00 but I do not get an license error page.
license detials.png
So might it be a license issue?
 

realcryptonight

Verified User
Joined
Nov 16, 2019
Messages
360
Finally got the issue resolved.
The issue was that I somehow used an expired license (That I did not expect to be expired.) and thus directadmin was not allowed to start.

So maybe the DirectAdmin teams could add a check if the license is valid before install starts. As it causes issue if it's not. @fln
 

realcryptonight

Verified User
Joined
Nov 16, 2019
Messages
360
Sorry but the issue is not (yet) resolved.
On one of my server it worked but my other two are still stuck. :(
But what I found is:
CSF service is dead.
But I can manually start it and it then stays alive.
So I have no clue what is going on and after starting the service, then the install does not continue.

If one of the DA teams want access to a stuck server then let me know. Then I will add you public ssh key.
 

fln

Administrator
Staff member
Joined
Aug 30, 2021
Messages
445
Thanks for the feedback @realcryptonight, this issue of License Key validation at install time is a really nasty consequence of a legacy feature supporting DA installs without valid license. It was a bit more relevant with the old licensing system, but I think it is time to drop it. If we would require a valid license at install time we could check license availability and provide immediate feedback if something is wrong even before DA is installed.

Our SSH key is https://directadmin.com/authorized_keys, I could investigate this if you would send me server IP over private message.
 
Top