[BUG] Any random hestiacp user (admin or not) can make nginx crash just by adding a wrong new domain

[Faymir]

Describe the bug
It seems that hestia cp doesn't check new provided nginx configuration validity before restarting it.
Even if a check is made (cf

hestiacp/bin/v-restart-web

Line 58 in 0ac3db8

service $WEB_SYSTEM configtest >> /dev/null 2>&1

), hestia still try to restart nginx without putting it back in it's "original" state
which results in errors like this:

nginx: [emerg] invalid server name or wildcard "jaap..nl" on x.x.x.x:80
nginx: configuration file /etc/nginx/nginx.conf test failed
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.

So an error in the nginx conf can make all the server unavailable because nginx failed to restart .
cp panel, and all websites on the server unavailable because of one user.

To Reproduce

1. Click on the "Web" tab.
2. Click on "Add Web Domain".
3. Enter test..com (<- notice 2 dots here)
4. Click on save button

Expected behavior

• The admin receive an email (based on the code in

  hestiacp/bin/v-restart-web

  Line 60 in 0ac3db8

  send_email_report

  )
• An error is showed to the user (based on the code in

  hestiacp/bin/v-restart-web

  Line 61 in 0ac3db8

  check_result $E_RESTART "$WEB_SYSTEM restart failed"

  )
• nginx is still started and working
• all websites on the server are still reachable
• hestia cpanel is still accessible

Screenshots

Operating system:
Debian 10

Hestia Control Panel version:
hestia 1.4.9 and 1.4.10
only nginx + php-fpm (no apache)

Additional Context
systemctl status nginx.service result

● nginx.service - nginx - high performance web server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2021-08-12 13:41:14 UTC; 6min ago
     Docs: https://nginx.org/en/docs/
  Process: 12752 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)

Aug 12 13:41:13 example.com systemd[1]: Starting nginx - high performance web server...
Aug 12 13:41:14 example.com nginx[12752]: nginx: [emerg] invalid server name or wildcard "jaap..nl" on x.x.x.x:80
Aug 12 13:41:14 example.com systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Aug 12 13:41:14 example.com systemd[1]: nginx.service: Failed with result 'exit-code'.
Aug 12 13:41:14 example.com systemd[1]: Failed to start nginx - high performance web server.

[jaapmarcus]

As discussed on Discord it is indeed a bug

[lastguru1]

Same happened to me this week. A user copied a domain name from somewhere, and it looked fine. Then all server has crashed, as there was some kind of invisible character in the copied domain name. He actually crashed my server twice, as the character was invisible for him, so he did not understand, what he did wrong... Hestia web did not show the domain lists afterwards and some invalid directories were made, showing the domain name as "piemers.\342\200\213lv". IDN must be accepted, though, so please do not filter out all non-latin characters...

[jaapmarcus]

There is also a bug in:

hestiacp/func/main.sh

Line 659 in a2845d4

if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ "\.\." ]] || [[ $1 =~ "$(printf '\t')" ]] || [[ "$1" = "www" ]]; then

".." will be treated as literally instead of regex code changed that part.

The restore part after failing to add a domain should be fixed anyway..

[Faymir]

Hello,
I am not sure to understand what you mean here:

".." will be treated as literally instead of regex code changed that part.

Could you elaborate please ?

[jaapmarcus]

Currently domain..nu is valid. After we merge the new code it will be invalid..

[Faymir]

I tryed replacing "/./." by ".." and it detects jaap..nl as invalid, so that could resolve the case of an invalid domain containing ".."
Maybe there are others cases not checked.

[jaapmarcus]

The main issue is still present if a buggy template it still kills nginx / apache2 we still need to solve this part..

[sdelfi]

The same problem.
I shared custom Nginx config with client. When he writes wrong config and saves webdomain via UI - Nginx restarts and all sites are down.

I tried to add "exit" here (/usr/local/hestia/bin/v-restart-web file):

But it doesn't work as well. HestiaCP is still trying to restart Nginx after configtest failed

[jaapmarcus]

check_result already contains allready an exit.

Need to investigate the bug more...

[vertx-one]

Another one option to break HestiaCP is use IDN in domain alias field.
I kill fresh install HestiaCP 1.6.0 :)

[jaapmarcus]

Please create a new issue for this one. The other one need to be patched at long term

#2674