#Main domain doesn't work

Please help me, i've tried everything. All my A records work but not my main domain name. And I have no idea why.

Please explain the issue you're experiencing in as much detail as possible. Preferably with error messages in a text format or paste link to logs. Nobody can assist you without information that helps to understand the issue. Help us help you. Messages such as "doesn't work" or "i need help" will most likely be ignored.

Players cannot connect to my minecraft server with "sentouki.net" but all other records work.

ofc mc does not listen on port 80, you have to setup a srv reccord to add a port

why would sentouki.net point to port 80?

all dns record just point to a ip, if you want for example mc that is not running on port 25565 you need a extra srv record

my minecraft server is running on the default port 25565

is it 1 server or a bunnge network?

bungee

all other A records I have work

what is the allocated ip of the bunnge server?

141.95.99.155 or 0.0.0.0 to be precise

and in the bungecord conf, the backend server with ip did you enter there?

my backends are all 172.18.0.1

to avoid external connections bypassing the bungee

you likly have some firewall blocking you

else:

man man, i have no problem connecting to the server

View our minecraft proxy guide https://pterodactyl.io/community/games/minecraft.html

i just cannot enter with sentouki.net

it works if i use panel.sentouki.net or mc.sentouki.net

etc

thats why ive send that screenshot above

it point to 141.95.99.155 so that is fine

you should be able to connect

and yet I cannot, any ideas?

I think I see it you point to a other DNS with that NS recoord

but it still respond with the right ip

strange

extremally strange indeed

Okey solved it, I believe.
I assigned an additional IP to my vrack and added it with netplan, and I made the sentouki.net to point to that new IP and all the rest are using my original IP

well kinda.... a few are still saying that they cannot connect with "sentouki.net"

Well your DNS servers are returning the wrong IP address for the domain, so you may need to talk to your DNS provider - these are directly from your authoritative DNS servers

145.239.138.239```

no its correct, thats the additional IP Ive added, you can join with both IPs

the domain "sentouki.net" just has hiccups for some reason

Then you'll need to do more troubleshooting. Checking resolution at the clients end, finding out why the connection is actually rejected, or if it's just dropped, etc

I would love to do that, i've tried many things and changes to my dns configurations, and the only tool i know to use is the dns checkers on google

can i use other things to get info?

You need to get those having trouble connecting to do nslookup's etc

oh i see, like "nslookup sentouki.net" on cmd

alright i'll ask a few people, its annoying that the problem is not happening to me xD

Always the worst when you can't reproduce yourself.

nope, had people run nslookup and there was no difference, even told them to flush their dns but still nothing, i used dig with linux and checked both sentouki.net and mc.sentouki.net and i am not seeing any difference

at this point anyone who can help me, i will pay him

Please explain the issue you're experiencing in as much detail as possible. Preferably with error messages in a text format or paste link to logs. Nobody can assist you without information that helps to understand the issue. Help us help you. Messages such as "doesn't work" or "i need help" will most likely be ignored.

Obvisouly you have an issue in your nginx configuration.

You should follow this tutorial :
https://pterodactyl.io/panel/0.7/webserver_configuration.html#nginx-with-ssl

hhhmm maybe, does it look right to you? (sorry to bother you)

worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}


#mail {
#    # See sample authentication script at:
#    # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#    # auth_http localhost/auth.php;
#    # pop3_capabilities "TOP" "USER";
#    # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#    server {
#        listen     localhost:110;
#        protocol   pop3;
#        proxy      on;
#    }
#
#    server {
#        listen     localhost:143;
#        protocol   imap;
#        proxy      on;
#    }
#}

I recommend trying TCPShield. It may fix connections as well.

Do you want's to use https access (it's better because you will have to log in to your panel)

This is a web issue bro, so your shield is not an solution

That's an alternative to the reverse proxy

Either way works

i am using https and ssl

Okay so you show me your /etc/nginx/nginx.conf
But you should create virtual host in /etc/nginx/sites-enabled
For exemple pterodacyl.conf with this the recommended configuration (https://pterodactyl.io/panel/0.7/webserver_configuration.html#nginx-with-ssl)

server_tokens off;

server {
    listen 80;
    server_name <domain>;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name <domain>;

    root /var/www/pterodactyl/public;
    index index.php;

    access_log /var/log/nginx/pterodactyl.app-access.log;
    error_log  /var/log/nginx/pterodactyl.app-error.log error;

    # allow larger file uploads and longer script runtimes
    client_max_body_size 100m;
    client_body_timeout 120s;

    sendfile off;

    # SSL Configuration
    ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
    ssl_prefer_server_ciphers on;

    # See https://hstspreload.org/ before uncommenting the line below.
    # add_header Strict-Transport-Security "max-age=15768000; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header Content-Security-Policy "frame-ancestors 'self'";
    add_header X-Frame-Options DENY;
    add_header Referrer-Policy same-origin;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTP_PROXY "";
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        include /etc/nginx/fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

yeah thats what i followed, i think its the same no?

    server_name panel.sentouki.net;

    root /var/www/pterodactyl/public;
    index index.html index.htm index.php;
    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/pterodactyl.app-error.log error;

    # allow larger file uploads and longer script runtimes
    client_max_body_size 100m;
    client_body_timeout 120s;

    sendfile off;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTP_PROXY "";
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
    }

    location ~ /\.ht {
        deny all;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/panel.sentouki.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/panel.sentouki.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = panel.sentouki.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen [::]:80;

    server_name panel.sentouki.net;
    return 404; # managed by Certbot


}```

There were too many logs to read @lime trench. Please post 5 or less.

Ok, the problem is that you should write this server_name line :

server_name panel.sentouki.net sentouki.net;

Because you are using many domain name 😉

Be careful, you have to server_name line to edit

i'll try it, and reboot the machine when i am able, hopefully that would work
thanks for taking the time man, i really really appreciate it

you dont have to reboot your machine

only do : systemctl restart nginx
Then check that it's dont fail with : systemctl status nginx

I have check your ssl configuration, you should redone your certificate (using certbot for example to certify multiple domain name) in the same certificate file
overwise people will have and web browser disclaimer

Even without this certificate your connexion is secure (encrypted client to server) but unstrusted
That's mean that an hacker can potentially impersonate your server identity

i did the change seems to be fine

● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset:>
     Active: active (running) since Mon 2022-12-19 17:30:21 UTC; 5s ago
       Docs: man:nginx(8)
    Process: 46024 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_proc>
    Process: 46025 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (>
   Main PID: 46026 (nginx)
      Tasks: 25 (limit: 154359)
     Memory: 22.9M
        CPU: 36ms
     CGroup: /system.slice/nginx.service
             ├─46026 "nginx: master process /usr/sbin/nginx -g daemon on; maste>
             ├─46027 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" ">
             ├─46028 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" ">
             ├─46029 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" ">
             ├─46030 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" ">
             ├─46031 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" ">
             ├─46032 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" ">
             ├─46033 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" ">
             ├─46034 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" ">
             ├─46035 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" ">
             ├─46036 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" ">
             ├─46037 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" ">

Nice 👌

i'll ask if people can join with "sentouki.net"
and i'll check to clear that ssl warning

I can join

oh you can?

Yes

but with the ssl warning

ah you mean the panel or the mc server?

The panel

I have no account so i can't log in 😉

ah ye the panel was working fine, but yes thanks for checking

the fix you just gave, was for him to access the panel on "sentouki.net" though..??

Yup

but the issue is that his players cannot connect to his minecraft server with "sentouki.net" not to the panel itself

Oh my bad

Then @lime trench
Use netstat -lntp to check which port are open and which are who can connect

You should find this line which mean that one docker (probably your minecraft server) allow everyone (0.0.0.0) to join him on 25565

If every things is good you will have to check your firewall configuration

You'll need to remove sentouki.net from the webserver part so it doesn't get redirected to 443

nslookup on his domain gives me a completely different ip than his initial target

It doesn't look like you're using nginx to reverse proxy to your server. Are you having people connect with Domain:Port?

It's give me : 145.239.138.239

yeah, his target is 141

not 145

nslookup gives this

he is speaking about an additional ip
Is the screenshot completed ?
Because i can join is website panel.sentouki.net en sentouki.net from event if it's not the ip on the screen

both of them points to OVH

I'm not a bot..

ok, i have no idea what you are talking about

yeah i already changed that from before when i assigned an additional IP

its correct, both work for joining the mc server

thats not the issue

ah

should be something related to your domain / dns config and not related to the webserver

in fact you should switch the webserver config back to just panel.something.net

ye i did that, and i am not sure if its the dns, this is my whole dns config

@    IN SOA dns200.anycast.me. tech.ovh.net. (2022121910 86400 3600 3600000 300)
                  IN NS     ns200.anycast.me.
                  IN NS     dns200.anycast.me.
                  IN A      145.239.138.239
_minecraft        IN SRV    1 5 25565 sentouki.net
mc                IN A      141.95.99.155
node              IN A      141.95.99.155
panel             IN A      141.95.99.155```

i tried adding an srv record in case it can help

but nope

ah SRV you dont have to use that for 25565

i stopped using SRV records when i started hosting bungee networks

i use forced-hosts primarily

plus my own plugin for proxy redirections

i never needed to use srv records aswell, but someone suggested it might help

well, i just added 4 records to mc

1 with sentouki.net
1 with mc.sentouki.net
1 of the 141 ip and 1 for 145 ip

only the first one gives a "cant connect" response so there's prob something wrong on that specific domain ig

yeap, and if you use just the ips they work fine

so yeah i have no idea

i had it happen once to a friend like this and it was DNS related so i assume thats the case for you

Dont forget firewall option 😉

maybe? but its just confusing, these things are usually vert straightfoward

its not the firewall

well the ports are most certainly open, and if he hosts a bungee network, he wants the ports to be open with pterodactyl0

but yeah it is usually straight forward

Can you confirme that your server is listening on 25565 ?
Using netstat -lntp ?

lol if port 25565 wasnt open, no one would be able to join

but ye gimme a min

there it is, doxing my setup xD

Ok thx

I used the following script
https://gist.githubusercontent.com/Lonami/b09fc1abb471fd0b8b5483d54f737ea0/raw/26e5b1cecdd0292e274a885517d4a48caad11b7e/mc-ping.py

This is a python implementation of minecraft ping protocole

It's return this for your server :

Server(description='', icon=True, version='Waterfall 1.8.x, 1.9.x, 1.10.x, 1.11.x, 1.12.x, 1.13.x, 1.14.x, 1.15.x, 1.16.x, 1.17.x, 1.18.x, 1.19.x', protocol=761, players=[, online=35, max=150])

So it's look like you haven't any issue

I tried from minecraft :

(this is suprising me)

I use panel.sentouki.net ip
And it's works

I thinks this is an waterfall missconfiguration so

Maybe you have to use this kind of configuration :
(This is an waterfall example coming from my own configuration)

@lime trench

They only blocked that domain, not the subdomains.

I believe switching your bungee to 1.7.9 may fix it, as they didn't have an EULA until 1.7.10

Viaversion will allow 1.7.10+ to still join.

holy shit! thats insane that you found it, i was never going to figure out what happened

some kids propably massed report me or something, i need to find a proxy that will let people in

Same thing happened to a friend of mine, so it just popped into my head when I realized we were trying all the same steps to figure this out that I did.

thank you very very much man

No problem

not sure, but you can try velocity

it's probably the best proxy out there for minecraft atm in my opinion

i dont think velocity is the answer to this

you're not gonna be able to find a proxy that allows you to circumvent the fact that your domain is blocked lmao

the EULA was introduced way before 1.7.10 iirc, they just didn't force you to accept it before then

saddly thats true, going to 1.7.9 wont work

unfortunately yes, the EULA was introduced back in 2013 iirc, and at the time they didn't heavily enforce it by forcing you to accept it upon first server boot etc

switching to a different proxy version, or paper versions etc won't help you in this case

ah