Resolved 503 Error on submission of API call, still works though...

[ajtaylordev]

Hi there, sorry I feel like I have posted way too much on this forum recently asking for help. I am so close to achieving a fully working and automated hosting account script using Plesk API. The issue I have now is: user clicks activate host account, Plesk API script creates everything as it should, PHP writes everything to my database as it should, however after the user has clicked activate host account, the page loads for a few seconds then returns a 503 error (even though the script ran correctly and everything was created.)

I was wondering if anybody knew what caused this, I'm just going to put the entire PHP page on here and hope that somebody can tell me where I am going wrong?

Thanks again:

<?php

$new_plesk_error = false;

if(isset($_POST['activate_host'])) {

$plesk_name = $_POST['plesk_name'];
$plesk_company = $_POST['plesk_company'];
$plesk_email = $_POST['plesk_email'];
$plesk_user = $_POST['plesk_user'];
$plesk_pass = $_POST['plesk_pass'];
$service_plan = $_SESSION['service_plan'];
$plesk_created = $_SESSION['created'];

//Check for errors

if(empty($_POST['plesk_name'])) {

$new_plesk_error = true;
$_SESSION['ERROR_PLESK_NAME'] = "SET";

}

if($_POST["strength"] != "strong") {

$new_plesk_error = true;
$_SESSION['ERROR_PASS_STRENGTH'] = "SET";

}

if(empty($_POST['plesk_pass'])) {

$new_plesk_error = true;
$_SESSION['ERROR_NEW_PASS'] = "SET";

}

if(empty($_POST['plesk_email'])) {

$new_plesk_error = true;
$_SESSION['ERROR_NEW_EMAIL'] = "SET";

}

// Function to validate email
function test_input($resetemail) {
$resetemail = trim($resetemail);
$resetemail = stripslashes($resetemail);
$resetemail = htmlspecialchars($resetemail);
return $resetemail;
}

$resetemail = test_input($_POST["plesk_email"]);

// Validate email address
if (!filter_var($resetemail, FILTER_VALIDATE_EMAIL)) {
$new_plesk_error = true;
$_SESSION['ERROR_NEW_EMAIL_INVALID'] = "SET";
}

// ERROR CHECKS COMPLETE

if($new_plesk_error === false) { // NO ERRORS FOUND, PROCEED
// Update database to activate product for user
// Turn autocommit off
$link -> autocommit(FALSE);
$link -> query("UPDATE assoc_purchases SET item_status = 'enabled' WHERE created = '$plesk_created'");

// Commit transaction
if (!$link -> commit()) {
echo "Commit transaction failed";
}
///////////////////////////////////////////////////////////////////////////// START OF PLESK OPERATION
// First we need to create a secret key, to do that we will send a request with basic authentication.
$data = array(
'login' => 'admin',
'description' => 'Secret Key'
);

$payload = json_encode($data);

$login = 'XXXXXXXXX';
$password = 'XXXXXXXXXX';
$url = 'https://example-server.cloud/api/v2/auth/keys';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
$result = curl_exec($ch);
curl_close($ch);
$result = json_decode($result);

$secret_token = $result->key; // This is the key we will use for further authentication (no need for basic anymore).

////////////////////////////////////////////////////////////////////////////////////////////////////////////
// CREATE NEW CUSTOMER //

$url = 'https://example-server.cloud/api/v2/clients';
$data = array(
'name' => ''.$plesk_name.'',
'company' => ''.$plesk_company.'',
'login' => ''.$plesk_user.'',
'status' => '0',
'email' => ''.$plesk_email.'',
'locale' => 'en-US',
'owner_login' => 'admin',
'external_id' => 'link:12345',
'description' => 'User',
'password' => ''.$plesk_pass.'',
'type' => 'customer'
);

$payload = json_encode($data);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);

$headers = array();
$headers[] = 'Content-Type: application/json';
$headers[] = 'Accept: application/json';
$headers[] = 'X-API-Key: '.$secret_token.'';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$result = curl_exec($ch);
if (curl_errno($ch)) {
echo 'Error:' . curl_error($ch);
}
curl_close($ch);


////////////////////////////////////////////////////////////////////////////////////////////////////////////
// ADD SUBSCRIPTION PLAN TO CUSTOMER USING REST API CLI METHOD //

$url = 'https://example-server.cloud/api/v2/cli/subscription/call';

$payload = '{ "params": ["--create", "example.com", "-owner", "'.$plesk_user.'", "-service-plan", "'.$service_plan.'", "-ip", "82.165.XXX.XXX", "-login", "'.$plesk_user.'", "-passwd", "'.$plesk_pass.'"]}';

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);

$headers = array();
$headers[] = 'Accept: application/json';
$headers[] = 'Content-Type: application/json';
$headers[] = 'X-API-Key: '.$secret_token.'';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$result = curl_exec($ch);
if (curl_errno($ch)) {
echo 'Error:' . curl_error($ch);
}
curl_close($ch);


unset($_SESSION['created']);
unset($_SESSION['service_plan']);
header("location:account.php?navigation=products");

} else {

$_SESSION['ERROR_PLESK_FAILURE'] = "SET";

}

}

?>

 

[ajtaylordev]

To add to this issue, in my apache error log I get the following:

Failed to read FastCGI header, referer: https://example.com/activate.php
and
(104)Connection reset by peer

 

[Nik G]

hello @ajtaylordev ,

I'm right that you found error regarding failed read FastCGI in domain's error log ?
if no, please inspect domain's error log, probably it contain more info.

Also, you can try to increase execution time in php settings for domain.

additionally, it would be good to check fail2ban settings:
Probably you need to add your IP address to the white list to avoid false positive attack detection.

 

[ajtaylordev]

Hello, yes that is correct it is in the domain error log and it is the only thing it really mentions.

In my troubleshooting process I have decided to split the script in half to try and narrow down. So now I have created the user for plesk in one form, then the service plan in the second form. The first part works fine and redirects as it should after creating user so I can narrow it down to the second part (create service plan)
As for fail2ban, the IP is already listed in the whitelist and I have extended execution time but to no avail the problem still persists.

Is it possible there is some sort of conflict where the script is trying to create the same user twice? Once in the /clients and then again in subsciption/call?

 

[Nik G]

for the first look - should not.
in case you create several objects in one packet and one of them already exists
you will receive an error for exact this object, but the second one will be created successfully:

<?xml version="1.0" encoding="UTF-8"?>
<packet version="1.6.9.1">
<mail>
<create>
<result>
<status>error</status>
<errcode>1007</errcode>
<errtext>Unable to create mailname because mailname with given name already exist</errtext>
<mailname>
<name>kitman03</name>
</mailname>
</result>
<result>
<status>ok</status>
<mailname>
<id>109</id>
<name>kitman05</name>
</mailname>
</result>
</create>
</mail>
</packet>

example above for creation two mailboxes.

 

[ajtaylordev]

There is one more thing in the domain error log: AH01071: Got error 'Primary script unknown', referer: http://website.com/wp-login.php - Not sure if its relevant as I am not using wordpress.

 

[Kaspar]

@Nik G I think @ajtaylordev is using the Rest API for his project

example above for creation two mailboxes.

@ajtaylordev I don't think this is an issue directly caused by the API itself. Rather I it seem like either a PHP (mis)configuration or inappropriate handeling of the API response(s). So you have some debugging to do. If you really want to be sure there no issue with the API use a tool like Postman to individually analyse all API calls you want to make. It's a great tool for working with API's. For debugging your PHP scripts you can enable Xdebug. Which comes pre-installed with Plesk, but is disabled by default as it can display sensative data/code publicly. (So don't forget to disable it after you're finished debugging).

 

[Nik G]

as I remember the behavior of API (RPC and REST) should be the same.
I meant it should not fail the whole packet in case multiple objects creation.

 

[ajtaylordev]

I enabled xdebug, how do I use it though? Is there a simple way on Plesk admin panel to access this log?

 

[ajtaylordev]

Does this mean anything to you in syslog?

Apr 21 12:51:28 a530107 systemd[1]: Stopped Plesk task: Event 'domain_create' for object with ID '40' (task=3394 process=3394 trace=41631:6261534b2c5f6).
Apr 21 12:51:28 a530107 systemd[1]: Started Plesk task: Event 'phys_hosting_create' for object with ID '40' (task=3400 process=3400 trace=41631:6261534b2c5f6).
Apr 21 12:51:28 a530107 systemd[1]: run-plesk-task-3395.service: Main process exited, code=exited, status=1/FAILURE
Apr 21 12:51:28 a530107 systemd[1]: run-plesk-task-3395.service: Failed with result 'exit-code'.

Also I constantly keep getting emails about new account created from server, as if its stuck in a loop.

 

[Nik G]

@ajtaylordev , do you see any errors at this timestamp in /var/log/plesk/panel.log ?

additionally, you can add to the /usr/local/psa/admin/conf/panel.ini code below:

[debug]
enabled = 1
[log]
filter.priority = 7
show.sql_query = on
show.util_exec = on
show.util_exec_io = on

code above should increase logs verbosity.
but do not forget to remove them after you've finished! they are not for production systems!

by some reasons physical hosting creation failed. it may due to wrong params or license restrictions.

 

[ajtaylordev]

Panel log at this time states the following:

[2022-04-21 12:51:28.123] 42107:6261534ff3363 ERR [panel] [6261534ff330c] Result of interface implementation call: failure: Could not find domain connect URL prefix for example.com.

 

[Nik G]

ookay. seems subscription creation failed due to some reason.

try to change

$payload = '{ "params": ["--create", "example.com", "-owner", "'.$plesk_user.'", "-service-plan", "'.$service_plan.'", "-ip", "82.165.XXX.XXX", "-login", "'.$plesk_user.'", "-passwd", "'.$plesk_pass.'"]}';

to

$sysUser = $plesk_user . 'sys';
$payload = '{ "params": ["--create", "example.com", "-owner", "'.$plesk_user.'", "-service-plan", "'.$service_plan.'", "-ip", "82.165.XXX.XXX", "-login", "$sysUser", "-passwd", "'.$plesk_pass.'"]}';

and please pay attention to

"'.$plesk_user.'"

probably there are extra dotes and extra single quotes, but I'm not sure.

 

[ajtaylordev]

No still the same outcome unfortunately :/
I will continue debugging, and hopefully find something to share a solution here.

 

[Kaspar]

Just to be sure, can you check if the "Apache graceful restart" option is enabled in Tools & Settings > Apache Web Server on the Plesk server?

 

[ajtaylordev]

Just to be sure, can you check if the "Apache graceful restart" option is enabled in Tools & Settings > Apache Web Server on the Plesk server?

yes it is enabled.

 

[ajtaylordev]

Ok, I managed to get it to redirect successfully after creating the subscription. I changed PHP settings to run as FastCGI instead of FPM, error logs are also clear now. Not sure what difference it will make on the running of my website but at least it seems to be working now!