IP address worked but domain name does not

August 31, 2019 341 views
DNS Initial Server Setup LEMP Networking Nginx PHP WordPress

Domain name is registered and DNS is pointed to DO as per tutorial. Created “A” record for fireball.design and www.fireball.design and *.fireball.design. Also created Nginx server block for fireball.design in /etc/nginx/sites-available/ with same names under “Server”. I was able to access by IP address only and I figured it just needed time to register. I had a working WordPress install and, to see if I could get it working after a few days with the domain name, I changed in WordPress admin > Settings > General the WordPress Address and Site Address URL from 104.248.211.55 to fireball.design. It could not load and now I am logged out and cannot bring up any page at all. Any ideas?

Here is the nginx config. Just a guess, but maybe Nginx cannot find the correct nginx config file for fireball.design and is loading another default config file and is crapping out. Strange that it was working with the IP address and then, after just that one change in the WordPress admin, I cannot even get a proper error page, and if I type the IP address in the browser it rewrites it to fireball.design, so it seems the DNS mapping is working, but I don’t know.

This is a fresh install with the LEMP one click install and did the HTTPS config running Certbot (this may be the culprit).
Created a symbolic link with sudo ln -s /etc/nginx/sites-available/fireball.design /etc/nginx/sites-enabled/
Unlinked the default with sudo unlink /etc/nginx/sites-enabled/default.

sudo ufw status

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
443/tcp                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
22/tcp (v6)                LIMIT       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)

Here is the server block code - when pasted in here it looks strange

server {


    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    listen fireball.design;

    server_name fireball.design www.fireball.design *.fireball.design 104.248.211.55;

    client_max_body_size 256M;

    root /var/www/fireball.design/fireball_wp_1/;

    # Add index.php to the list if you are using PHP
    index index.php index.html index.htm index.nginx-debian.html;


    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
        }

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        # try_files $uri $uri/ =404;
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # pass PHP scripts to FastCGI server
    #
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        include fastcgi.conf;
    #   fastcgi_index  index.php;
    #
    #   # With php-fpm (or other unix sockets):
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    #   # With php-cgi (or other tcp sockets):
    #   fastcgi_pass 127.0.0.1:9000;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
     location ~ /\.ht {
        deny all;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/fireball.design/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/fireball.design/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#   listen 80;
#   listen [::]:80;
#
#   server_name example.com;
#
#   root /var/www/example.com;
#   index index.html;
#
#   location / {
#       try_files $uri $uri/ =404;
#   }
#}

server {

    if ($host = www.fireball.design) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = fireball.design) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen [::]:80;

    server_name fireball.design www.fireball.design;
    return 404; # managed by Certbot

}
3 comments
  • Tried: To see if server can be connected:
    telnet fireball.design 443

    and was successful. So I think the CERTBOT stuff is ok and I can connect through https.

  • Tried:

    root@fireball-main-1:~# curl -IL fireball.design
    HTTP/1.1 301 Moved Permanently
    Server: nginx/1.14.0 (Ubuntu)
    Date: Sun, 01 Sep 2019 03:38:49 GMT
    Content-Type: text/html
    Content-Length: 194
    Connection: keep-alive
    Location: https://fireball.design/
    
    curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to fireball.design:443
    

    OOOOOOO!!! What is that, an error of some sort??

    edited by bobbyiliev
  • The large text in the code starting “Virtual Host configuration for example.com…” is commented out with #’s but for some reason the browser is not showing it and making the text large.

3 Answers

Tried the Fail2ban stuff but nothing worked and even uninstalled it.
Tried lots of other things.
I give up
3 weeks later for a simple LEMP stack with WordPress. One click garbage installs.
Can somebody delete this whole question entry

Hello,

I can see that you have managed to get this working at the end:

curl -IL fireball.design
HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 01 Sep 2019 06:03:43 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-alive
Location: https://fireball.design/

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 01 Sep 2019 06:03:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-transform, no-cache, must-revalidate, max-age=0

Your website also seems to be loading as expected.

Would you mind sharing with the community what was the change that you had to do?

Regards,
Bobby

  • The website loads for you !? My browsers Edge, Chrome, Firefox all time out on trying to connect to site.

    • Hi,

      Yes the website is loading fine and the SSL is installed properly.

      Note that if you’ve made any DNS changes recently, it could take up to 24-48 hours for the DNS cache to clear over the Globe.

      Regards,
      Bobby

      • What? How is this possible! I have 3 different browsers all loading other sites fine and have cleared all the cache and history. I do hard reloads for the browser to avoid cached data. All ad block plugins etc disabled.
        The “i” icon beside the url does not show the green lock beside it for https and when clicked says “connection is not secure”.

        Trying http, https, the wordpress admin page, the wordpress login page, anything else I can think of. All time out to default browser time out page -so nothing ever produced by the stack.

        PS thanks for helping I am going crazy for days.

        • Hint to a fix:
          So in Firefox went to Menu>Options>General>Network Settings
          and chose Enable DNS Over Https
          SITE LOADED !! Yeah but still not recognized as secure so.
          So in Firefox went to Menu>Options>Privacy and Security>Certificates>Query OCSP responder servers
          This made the green lock appear with no error.
          I can not reproduce this config on Chrome or Edge.
          So hey all I have to do is give everyone a many step tutorial on how to access my website. Well getting closer to a fix.

          • As the site is working fine at my end maybe it is something to do with your PC itself, have you tried accessing the site with another device? Also have you checked your nginx error logs for more information?

          • Since other computers can load the site the server is blocking my connection to it. I read about security for DDoS attacks and other countermeasures; could something have been triggered? Maybe it didn’t like my connecting to the server so much or something. I cleared all caches and anything else plus installed a new browser Opera to test but it does not load the site either. Something on the DO server is causing it and linked to my IP. Does anything in the “One Click” LEMP install have some kind of blocker that can kick in? I will go through the WordPress app also installed and see if it or any plugin can be the cause. I noted some error mentioning Jetpack in the Nginx error log so I first disabled it in WordPress which did nothing and then deleted the plugin to make sure.
            I do not have another working computer to test the site from the same IP which is a good idea. I will try to connect my phone to my local network and then to the site I think that will test the blocked IP theory. I noticed some time out errors because the file is too long for the SSL connection but not sure what that means.
            Nginx Error Log:
            2019/09/03 13:00:00 [crit] 14904#14904: *12524 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 2.190.216.197, server: 0.0.0.0:443
            2019/09/04 00:52:58 [crit] 14904#14904: *15052 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 157.245.2.12, server: 0.0.0.0:443
            2019/09/04 04:07:04 [error] 14904#14904: *15739 FastCGI sent in stderr: "PHP message: PHP Fatal error: Uncaught Error: Class 'Jetpack_IXR_Client' not found in /var/www/fireball.design/fireball-wp-1/wp-content/plugins/jetpack/vendor/automattic/jetpack-sync/src/Actions.php:296
            Stack trace:
            #0 /var/www/fireball.design/fireball-wp-1/wp-includes/class-wp-hook.php(286): Automattic\Jetpack\Sync\Actions::send_data(Array, 'deflate-json-ar...', 1567570024.7236, 'sync', 0.0019979476928711, 0.006742000579834)
            #1 /var/www/fireball.design/fireball-wp-1/wp-includes/plugin.php(208): WP_Hook->apply_filters(Array, Array)
            #2 /var/www/fireball.design/fireball-wp-1/wp-content/plugins/jetpack/vendor/automattic/jetpack-sync/src/Sender.php(468): apply_filters('jetpack_sync_se...', Array, 'deflate-json-ar...', 1567570024.7236, 'sync', 0.0019979476928711, 0.006742000579834)
            #3 /var/www/fireball.design/fireball-wp-1/wp-content/plugins/jetpack/vendor/automattic/jetpack-sync/src/Sender.php(322): Automattic\Jetpack\Sync\Sender->do_sync_for_queue(Object(Automattic\Jetpack\Sync\Queue))
            #4 /var/www/fireball" while reading upstream, client: 192.157.127.23, server: fireball.design, request: "POST /wp-admin/admin-ajax.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.2-fpm.sock:", host: "fireball.design", referrer: "https://fireball.design/wp-admin/plugins.php?plugin_status=all&paged=1&s"

            PS I can only post a reply to earlier posts as the “Reply” button is gone.

          • Yes, the One-click install LEMP server comes with Fail2ban which might have blocked your IP address.

            You could try allowing your IP address and see how it goes. To do that you need to edit this file here:

            /etc/fail2ban/jail.conf
            

            Then find this line:

            ignoreip =
            

            And then add your IP address there:

            ignoreip = 192.168.1.2 
            

            Of course, change the 192.168.1.2 part.

            Then restart the fail2ban service.

            Let me know how it goes!
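
An added example (not part of the original thread or anyone's posted code): one way to triage nginx error_log entries like those quoted above by client address and failure type, so you can see whether the TLS handshake errors involve your own address at all. The sample lines, their documentation-range addresses and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in nginx error_log format, modelled on the excerpt in the
# thread; the client addresses are documentation-range placeholders.
SAMPLE_LOG = """\
2019/09/03 13:00:00 [crit] 14904#14904: *12524 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 198.51.100.10, server: 0.0.0.0:443
2019/09/04 00:52:58 [crit] 14904#14904: *15052 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 198.51.100.20, server: 0.0.0.0:443
2019/09/04 04:07:04 [error] 14904#14904: *15739 FastCGI sent in stderr: "PHP message: PHP Fatal error: Uncaught Error: Class 'Jetpack_IXR_Client' not found" while reading upstream, client: 203.0.113.7, server: fireball.design, request: "POST /wp-admin/admin-ajax.php HTTP/1.1", host: "fireball.design"
"""

HEAD = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(\w+)\] \d+#\d+: (?:\*\d+ )?(.*)$")
CLIENT = re.compile(r", client: ([0-9A-Fa-f:.]+)")
REASON = re.compile(r"SSL routines:[^:]*:([^)]+)\)")  # OpenSSL reason text


def parse_log(text):
    """Return one dict per error_log entry; continuation lines are skipped."""
    events = []
    for line in text.splitlines():
        head = HEAD.match(line)
        if not head:
            continue  # e.g. a wrapped PHP stack-trace line
        ts, level, msg = head.groups()
        if "SSL_do_handshake() failed" in msg:
            kind = "tls_handshake"  # failed before any HTTP request was read
        elif "FastCGI sent in stderr" in msg:
            kind = "php_upstream"   # request reached PHP-FPM; application error
        else:
            kind = "other"
        client, reason = CLIENT.search(msg), REASON.search(msg)
        events.append({"time": ts, "level": level, "kind": kind,
                       "client": client.group(1) if client else None,
                       "reason": reason.group(1) if reason else None})
    return events


def summarize(events):
    """Map each client address to a Counter of event kinds."""
    table = defaultdict(Counter)
    for ev in events:
        table[ev["client"]][ev["kind"]] += 1
    return table


def events_for(events, address):
    """Entries logged for one client address, e.g. your own public IP."""
    return [ev for ev in events if ev["client"] == address]


if __name__ == "__main__":
    for client, kinds in summarize(parse_log(SAMPLE_LOG)).items():
        print(client, dict(kinds))
```

A firewall-level ban such as Fail2ban's rejects or drops packets before nginx sees them, so an address that never appears in this log has not been ruled out as blocked.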

Nothing works I give up
Can someone delete this entire post
