[Bug] IDN as alias crash webserver

Open jaapmarcus opened this issue 2 years ago • 13 comments

Describe the bug

Another option to break HestiaCP is to use an IDN in the domain alias field. I killed a fresh install of HestiaCP 1.6.0 :)

Tell us how to replicate the bug

https://github.com/hestiacp/hestiacp/issues/2055#issuecomment-1160543555

Which components are affected by this bug?

(Backend) Web Server (Nginx, Apache2)

Hestia Control Panel Version

1.6

Operating system

N/A

Log capture

No response

jaapmarcus avatar Jun 20 '22 14:06 jaapmarcus

OS is Ubuntu 22.04. I entered the Cyrillic IDN домен.рф

vertx-one avatar Jun 20 '22 15:06 vertx-one

Thanks, will add a test and fix tomorrow.

jaapmarcus avatar Jun 20 '22 15:06 jaapmarcus

Can you provide some more information?

    root@dev:~# v-add-web-domain jaap jaap.nl '' 'yes' 'домен.рф'

Works fine, I have no issues.

jaapmarcus avatar Jun 20 '22 20:06 jaapmarcus

I use the web interface; the primary domain is domain.ru, and the alias field has 2 values: www.domain.ru and домен.рф

vertx-one avatar Jun 21 '22 10:06 vertx-one

Screenshot 2022-06-21 at 12 12 01

And systemctl status nginx returns:

    root@dev:/usr/local/hestia/nginx/conf# nano nginx.conf
    root@dev:/usr/local/hestia/nginx/conf# systemctl status nginx
    ● nginx.service - nginx - high performance web server
         Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: enabled)
         Active: active (running) since Tue 2022-06-21 12:11:04 CEST; 34s ago
           Docs: https://nginx.org/en/docs/
        Process: 171563 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
        Process: 172660 ExecReload=/bin/sh -c /bin/kill -s HUP $(/bin/cat /var/run/nginx.pid) (code=exited, status=0/SUCCESS)
       Main PID: 171564 (nginx)
          Tasks: 5 (limit: 4555)
         Memory: 8.0M
            CPU: 149ms
         CGroup: /system.slice/nginx.service
                 ├─171564 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
                 ├─172679 nginx: worker process
                 ├─172680 nginx: worker process
                 ├─172681 nginx: cache manager process
                 └─172682 nginx: cache loader process

    server_name test.nu www.test.nu xn--d1acufc.xn--p1ai;
    root        /home/test/web/test.nu/public_html;

What error does nginx return?

jaapmarcus avatar Jun 21 '22 10:06 jaapmarcus

Where should I look for the log from HestiaCP? In /var/log/nginx/error.log?

vertx-one avatar Jun 21 '22 10:06 vertx-one

nginx -t when nginx is not working

jaapmarcus avatar Jun 21 '22 10:06 jaapmarcus

    nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful

Also, I checked /var/log/nginx/error.log; it is empty.

Clarification: the IDN domain alias breaks the WebUI for the user account that added it. I checked with incognito mode in Chrome: HestiaCP works when I am logged in as admin, but when I try to switch to the problem account it breaks. Cookie cleanup allows me to enter as admin again.

The problem is fixed only when I remove the IDN from /usr/local/hestia/data/users/DOMAIN/web.conf by hand. In this file the domain alias looks like домен.рф

If I add the IDN converted to punycode, everything works fine, but it is unreadable :(

vertx-one avatar Jun 21 '22 10:06 vertx-one

Are we talking about the Hestia web UI or nginx on port 80?

In the first case, check /var/log/hestia/nginx-error.log

jaapmarcus avatar Jun 21 '22 10:06 jaapmarcus

Also, a screenshot is helpful.

jaapmarcus avatar Jun 21 '22 10:06 jaapmarcus

After clicking save in domain editing: http://joxi.ru/v29Oe8ZT4lMv7r

Content of /usr/local/hestia/data/users/ristudio.ru/web.conf

DOMAIN='ristudio.ru' IP='188.120.242.79' IP6='' FASTCGI_DURATION='0s' FASTCGI_CACHE='no' CUSTOM_PHPROOT='' CUSTOM_DOCROOT='' ALIAS='www.ristudio.ru,ристудия.рф' TPL='default' SSL='no' SSL_FORCE='no' SSL_HOME='same' LETSENCRYPT='no' FTP_USER='' FTP_PATH='' FTP_MD5='' BACKEND='default' PROXY='default' PROXY_EXT='jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,htm,html,ttf,otf,webp,woff,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf' STATS='' STATS_USER='' AUTH_HASH='' AUTH_USER='' REDIRECT_CODE='' REDIRECT='' STATS_CRYPT='' U_DISK='1' U_BANDWIDTH='0' SUSPENDED='no' TIME='16:05:42' DATE='2022-06-20'

From /var/log/hestia/nginx-error.log

2022/06/21 14:07:36 [error] 718#0: *1219 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught TypeError: array_keys(): Argument #1 ($array) must be of type array, null given in /usr/local/hestia/web/edit/web/index.php:25
Stack trace:
#0 /usr/local/hestia/web/edit/web/index.php(25): array_keys()
#1 {main}
  thrown in /usr/local/hestia/web/edit/web/index.php on line 25" while reading response header from upstream, client: 109.126.237.243, server: _, request: "GET /edit/web/?domain=ristudio.ru HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "188.120.242.79:8083", referrer: "https://188.120.242.79:8083/edit/web/?domain=ristudio.ru&token=7b8d8f894f283ddff9a7b3eb8e1de3ce"

vertx-one avatar Jun 21 '22 11:06 vertx-one

/usr/local/hestia/bin/v-list-web-domains ristudio.ru json
{
    "ristudio.ru": {
        "IP": "188.120.242.79",
        "IP6": "",
        "DOCUMENT_ROOT": "/home/ristudio.ru/web/ristudio.ru/public_html/",
        "U_DISK": "1",
        "U_BANDWIDTH": "0",
        "TPL": "default",
        "ALIAS": "www.ristudio.ru,ристудия.рф",
        "STATS": "",
        "STATS_USER": "",
        "SSL": "no",
        "SSL_HOME": "same",
        "LETSENCRYPT": "no",
        "FTP_USER": "",
        "FTP_PATH": "",
        "AUTH_USER": "",
        "BACKEND": "default",
        "PROXY": "default",
        "PROXY_EXT": "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,htm,html,ttf,otf,webp,woff,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf",
        "SUSPENDED": "no",
        "TIME": "16:05:42",
        "DATE": "2022-06-20"
    }
}

vertx-one avatar Jun 21 '22 11:06 vertx-one
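An added example, not HestiaCP code and not posted by anyone in this thread: a small audit that reads a web.conf line in the KEY='value' shape shown above, flags ALIAS entries that contain non-ASCII characters, and produces the punycode form that the reporter says works. The function names and the sample line are constructed for illustration, and parsing with shlex is an assumption about the file format based only on the line posted here.

```python
import shlex

# Constructed sample in the shape of the web.conf line posted above
# (shortened; domain and IP are placeholders, not values from the thread).
SAMPLE = ("DOMAIN='example.test' IP='192.0.2.10' "
          "ALIAS='www.example.test,домен.рф' TPL='default' SSL='no'")


def parse_conf_line(line):
    """Split a KEY='value' KEY='value' line into a dict."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def to_a_label(name):
    """Return the ASCII (punycode) form of a host name, or raise ValueError."""
    name = name.strip().rstrip(".")
    try:
        # Python's built-in codec implements IDNA 2003 ToASCII per label.
        return name.encode("idna").decode("ascii").lower()
    except UnicodeError as exc:
        raise ValueError(f"not a valid IDN: {name!r}") from exc


def audit_aliases(line):
    """Return (domain, [(alias, ascii_form), ...]) for non-ASCII aliases."""
    fields = parse_conf_line(line)
    findings = []
    for alias in filter(None, fields.get("ALIAS", "").split(",")):
        if not alias.isascii():
            findings.append((alias, to_a_label(alias)))
    return fields.get("DOMAIN", ""), findings


def ascii_alias_field(line):
    """Return the ALIAS value with every entry converted to its ASCII form."""
    aliases = parse_conf_line(line).get("ALIAS", "").split(",")
    return ",".join(to_a_label(a) for a in aliases if a)


if __name__ == "__main__":
    domain, findings = audit_aliases(SAMPLE)
    for alias, ascii_form in findings:
        print(f"{domain}: alias {alias} is stored as Unicode; ASCII form is {ascii_form}")
    print("ALIAS='%s'" % ascii_alias_field(SAMPLE))
```

The ASCII form it prints for домен.рф matches the server_name value in the nginx excerpt earlier in the thread.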

I am not able to recreate the issue on either Debian 11 or Ubuntu 22.04

jaapmarcus avatar Jun 21 '22 18:06 jaapmarcus

No response and not able to replicate the issue.

If possible, provide more information on what is going wrong, and the nginx error logs.

jaapmarcus avatar Aug 17 '22 12:08 jaapmarcus