How do I troubleshoot a Plesk login error in Lightsail?

5 minuti di lettura
0

I can’t log in to the Plesk control panel in Amazon Lightsail. I want to diagnose and troubleshoot common issues to log in.

Short description

The following are common reasons for a login error to the Plesk control panel in your Lightsail instance:

  • The IP address in the login link isn't correct.
  • Access on HTTPS ports 443 and 8443 is blocked.
  • Plesk's firewall doesn't allow your IP address.
  • A firewall on your instance's operating system doesn't allow access.
  • There's an operating system instance issue.

Resolution

Reboot Lightsail to get the correct login link

When you attach a static IP address to your Lightsail instance, you receive an incorrect login link with your old IP address. To receive a one-time login link with the correct IP address, complete the following steps:

  1. Stop, and then restart Lightsail. For more information, see Start, stop, or restart your Lightsail instance.

  2. If you can't restart the instance, then run the following command. Replace example-IP with your IP address:

    $ sudo plesk bin admin --enable-access-domain "example-IP"
  3. Get the one-time login URL for your Plesk instance.

Allow access to ports 433 and 8443

If Plesk allows access from your IP address, then verify that ports 443 and 8443 are not blocked. To check the access on these ports, run the following commands:

telnet example-IP 443  
telnet example-IP 8443  

Note: Replace example-IP with your IP address.

If the output includes a "connection timed out" or "connection refused" error, then unblock the port that corresponds to that output. For more information, see Control instance traffic with firewalls in Lightsail.

Unblock your IP address in Plesk's firewall

Verify that Plesk's local firewall rules allow access from your IP address. For more information, see How to manage local firewall rules using Plesk Firewall in Plesk for Linux on the Plesk website.

Plesk firewall

  1. List the rules:

    sudo /usr/local/psa/bin/modules/firewall/settings --list-json
  2. Make sure that access is allowed on TCP ports 443 and 8443, and then verify that your IP address is not blocked. If the rule includes Deny, then note the ID numbers of the rule that block access. Then, remove the rule. Replace the id_number values with the ID number of the rule that you noted.

    sudo /usr/local/psa/bin/modules/firewall/settings --remove-rules -ids example_id_1,example_id_2
  3. Allow access. Replace -name and -ports with the ID number of the rules from step 2.

    sudo /usr/local/psa/bin/modules/firewall/settings -s -name 'My rule' -direction input -action allow -ports '8443/tcp,443/tcp'

Unblock your IP address in the operating system firewalls

Uncomplicated Firewall (UFW), Fail2ban, and iptables are operating system firewalls that can block Plesk access. To troubleshoot an operating system firewall that blocks your IP address, use SSH to connect to Lightsail. Then, take the following actions based on your use case:

UFW

  1. Verify that UFW allows access on ports 443 and 8443:
    $ sudo ufw status numbered
    Note: If the output includes Status: active, then proceed to step 2.
  2. Allow access on ports 443 and 8443:
    # sudo ufw allow 443  
    # sudo ufw allow 8443

Fail2ban

  1. List the IP addresses that Fail2ban doesn't allow:

    $ sudo fail2ban-client banned
  2. Unblock your IP address. Replace example-IP with your IP address:

    $ sudo fail2ban-client set plesk-panel unbanip example-IP

Iptables

  1. List the rules in iptables. Then, confirm that access is allowed on ports 443 and 8443, and verify that your IP address isn't blocked:

    $ sudo iptables -L --line-numbers

    If iptables allows access, then the output includes ACCEPT. If iptables doesn't allow access on the ports, then proceed to step 2.
    -or-
    If a rule in iptables blocks your IP address, then note the chain name and line number. Then, proceed to step 3.

  2. Allow access on the ports:

    sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT  
    sudo iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
  3. Delete the rule that blocks your IP address. Replace example_chain_name with the chain name and example_line_number with the line number from step 1:

    $ sudo iptables -D example_chain_name example_line_number
  4. Allow access from your IP address. Replace example_chain_name with the chain name from step 1 and example_IP with your IP address:

    $ sudo iptables -A example_chain_name -s example_IP -p tcp --dport 443 -j ACCEPT  
    $ sudo iptables -A example_chain_name -s example_IP -p tcp --dport 8443 -j ACCEPT  
    

Deactivate the operating system firewalls
If you can't unblock an operating system firewall, then deactivate the firewall. However, it's a best practice to keep a firewall activated because the firewall flushes custom rules when you deactivate it. For more information, see How to start/stop and enable/disable FirewallD and Iptables Firewall in Linux on the Tecmint website.

There is an operating system issue

To troubleshoot your operating system issues, review your instance's performance and your operating system's application logs.

Review your instance's performance

Make sure that Lightsail is responsive. For more information, see How do I troubleshoot common issues that cause my Lightsail instance to be unresponsive?.

Review your operating system's application logs
Check your operation system's application logs for timestamps that match your login error.

  • NGINX:

    /var/log/nginx/error.log
  • Apache 2:

    /var/log/apache2/error.log
  • Ubuntu:

    /var/log/syslog
  • Plesk:

    /var/log/sw-cp-server/error_log
  • Plesk panel logs:

    /var/log/plesk/panel.log
AWS UFFICIALE
AWS UFFICIALEAggiornata 2 mesi fa