Managing IPs
How to bind all IPs, the startips service
The startips service is used to bind all IPs that are managed by DirectAdmin service. It is called during the boot process, but it has to be called manually after you restart networking service.
On an Operation Systems with systemd:
systemctl restart startips
On older OS with init.d :
/etc/init.d/startips restart
Admin IP Manager will now include the list of IPs direct from device
The call to:
CMD_IP_MANAGER?json=yes
will now include an extra array holding all IPs listed in the device, totally independent of what DA configured.
The device_ips will have a list of devices in the "devices" array.
Each IP in that device will have:
- a numbered netmask, eg: 255.255.255.0
- a CIDR format bitmask, eg: /24
- and the ifa_flags for this IP address.
To know what the flags mean, do a bitwise & on them using the device_ips[ifa_flags] array in a loop. For example:
if (69699 & 1)
print "Interface is running."
should you need to display this information.
See below for the list of masks. They'll be included in the json output.
Sample JSON output:
"device_ips":
{
"devices":
{
"eth0":
{
"1.2.3.4":
{
"bitmask": "/24",
"ifa_flags": "69699",
"netmask": "255.255.255.0"
},
"1.2.3.5":
{
"bitmask": "/24",
"ifa_flags": "69699",
"netmask": "255.255.255.0"
},
"2001:56a:f6f9:f600:20d:29ff:fe1a:238a":
{
"bitmask": "/64",
"ifa_flags": "69699",
"netmask": "ffff:ffff:ffff:ffff:0:0:0:0"
}
},
"lo":
{
"0:0:0:0:0:0:0:1":
{
"bitmask": "/128",
"ifa_flags": "65609",
"netmask": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"
},
"127.0.0.1":
{
"bitmask": "/8",
"ifa_flags": "65609",
"netmask": "255.0.0.0"
}
}
},
"ifa_flags":
{
"1": "Interface is running.",
"2": "Valid broadcast address set.",
"4": "Internal debugging flag.",
"8": "Interface is a loopback interface.",
"16": "Interface is a point-to-point link.",
"32": "Avoid use of trailers.",
"64": "Resources allocated.",
"128": "No arp protocol, L2 destination address not set.",
"256": "Interface is in promiscuous mode.",
"512": "Receive all multicast packets.",
"1024": "Master of a load balancing bundle.",
"2048": "Slave of a load balancing bundle.",
"4096": "Supports multicast",
"8192": "Is able to select media type via ifmap.",
"16384": "Auto media selection active.",
"32768": "The addresses are lost when the interface goes down."
}
},
How to assign a User an owned IP
To set an owned IP, use the following steps:
Ensure the Creator of the User has a free IP available. Go to Reseller Level -> IP Management ensure you see an IP with status "free". If you do, skip to step 3. NOTE: If you wish to assign a User to a shared IP, ensure the IP is set to "shared" before assigning it to a User. Only shared or server IPs can have multiple Users assigned to them.
If you do not see a free IP in the list, you'll need to assign one to the Reseller. To do this, go to Admin Level -> IP Management, select an IP that is not assigned to any Reseller, then click the "Assign To" button with the relevant Reseller selected.
At this step, we assume the the Reseller has a free IP available. To assign that IP to the User to use, go to Reseller Level -> List Users -> username -> Modify User username select the free IP and click "save". The free IP will not have the word "Shared" beside it.
After this point, the IP will now be assigned to the User. NOTE: it's normal that you'll see the Apache page or the shared IP page in place of the domain for up to 4 hours. This will be due to DNS propagation
How to have no downtime during IP assignment?
This assumes both IPs are going to be on the same box. We'll also use the Multi-IP system and just assign the 2nd IP to 1 domain, and temporarily have 2 IPs on the same User account (you can change it later if you want). This allows multiple domains to be on the User account, and they'll be unaffected.
We'll assume we have domain.com using 1.2.3.4, and we'll change the domain (not the User) to use 1.2.3.5, but still allow 1.2.3.4 to work in the background for a short period (hence no-downtime).
Add 1.2.3.5 as a 2nd IP to the domain using the Multi-IP System.
Edit your DNS to remove all 1.2.3.4 IPs:
User Level -> domain.com -> DNS Management
Remove all A records that point to 1.2.3.4.
Note, leave your TXT record (SPF) if 1.2.3.4 is your server IP. Outbound emails will always leave from your server IP (unless manually configured otherwise), so it needs to stay put.
Wait 4 hours. Then wait some more (maybe a day). This is for DNS propagation. We need the old 1.2.3.4 IP to get flushed out of the DNS system on everyone's DNS servers (not just yours).
Once the DNS has propagated and been flushed out, then you can fully remove 1.2.3.4 from the domain (and User if you want). User Level -> Domain Setup -> domain.com
Remove 1.2.3.4.
OR, to remove it from the User (has to be done quickly):
- Remove 1.2.3.5 from the domain.
- Re-add 1.2.3.4 to the domain.
- Go to Reseller Level -> List Users -> username and remove the 1.2.3.5 additional IP.
- At the same page, change the main IP for the user from 1.2.3.4 to 1.2.3.5.
How to add IP into DirectAdmin but not on system
In some cases you might want to manage the adding of IPs to your device yourself. In these cases, DA shouldn't attempt to add the IP to the device.
The checkbox 'Add to device' in Admin Level -> IP Manager -> Add IP is designed for that.
If you add an IP with this option un-checked, the IP will not be added to the network device, but will be added to the configs for use. If you don't add the IP to the device on your own, services (nginx) will fail to start, since they require IPs in the configs to be working in the device.
The IP config file is /usr/local/directadmin/data/admin/ips/1.2.3.4
, if the option is un-checked, then the following will be added to the above ip config:
add_to_device=no
so that upon reboot, the startips script (which calls the addip) will skip the adding of this ip.
Using multi-IP system
With DirectAdmin 1.37.0 and newer, the multi-IP system allows for multiple IPs to be assigned to a User. This lets the User have unique IPs for each domain they may have on their account (or for multiple IPs per domain, which is useful for IPv6).
To assign a domain its own IP using the multi-IP system (where the User account already has another IP for other domains), do the following:
Ensure the Creator of the User has an IP available. Go to Reseller Level -> IP Management.
If you're assigning an ssl certificate, ensure you see an IP with status "free".
If you're assigning an additional IP to a User and plan on sharing this new IP with other Users as well, it must be set as "shared" (select the IP, click "set as shared"). Only a free IP can become shared.
If it's owned, you must remove it from the User who owns it.
Once your IP is set up as desired, skip to step 3. If it's not in the list, go to step 2.If you do not see the IP in the list, you'll need to assign one to the Reseller. To do this, go to Admin Level -> IP Management , select an IP that is not assigned to any Reseller, then click the "Assign To" button, with the relevant Reseller selected.
At this step, we assume the the Reseller has the additional IP available. To assign this additional IP to the User to use, go to Reseller Level -> List Users -> username -> Modify User username. In the row that says "Add Additional IP", select the IP and click "save". A free IP will not have the word "Shared" beside it.
After this point, the IP will now be assigned to the User, ready for them to use.From here, the User must then assign it to their domain. To do this, login as the User and go to User Level -> Domain Setup -> domain.com , at the bottom of the page, you'll see "Add another IP to domain.com". Select your new IP, and click "Add IP". If needed, remove the other IP from the domain's IP list.
NOTE: that it's normal that you'll see the Apache page or the shared IP page in place of the domain for up to 4 hours. This will be due to DNS propagation
One trick to remove the issue with propagation is to remove the old IP from the domain, but then temporarily re-add it to the domain without the option "Add DNS records for this IP" enabled. What this will do is add the old IP into the Apache configs (to handle the old cached IP), but will not have it in the DNS, so once the old IP expires from the DNS cache (at your ISP's nameservers), only the new IP will remain. After about a day, you can remove the old IP again so it's not in the configs.
IPv6 How-To
This guide will outline where we're at with support and how to use DirectAdmin with IPv6.
- The first step is to tell DirectAdmin that you want to use IPv6. To do this, ipv6 parameter must be enabled in DirectAdmin configuration:
/usr/local/directadmin/directadmin set ipv6 1 restart
/usr/local/directadmin/dataskq d
- Adding IPs to DirectAdmin is done the same way as with IPv4 IPs:
Admin Level -> IP Manager
When adding IPs you can use either the full or short form, but DA will expand it to the full format of IPv6 values. Don't use [] around the IP here, just the IP is fine, e.g, 1:2::9
You can assign IPs to Users normally, as with IPv4. As of 1.37.0, the multi-IP system allows you to assign both an IPv4 and IPv6 IP to an account. See the above guide on how to do that.
The DNS system is ready for IPv6. We have the
dns_a.conf
anddns_aaaa.conf
default records for newly created zones. Each of these template files have checks on the IP type. When an IP is sent to the template, the IP type is also included, so the template can chose to ignore adding any records if the IP type doesn't match its format, or (with customization) you can add some other value if you'd like. For most people, leaving it alone will be best.
NOTE: Backup/Restores with the multi-IP system and DNS are not yet complete. If you use multiple IPs on a domain, you may need to adjust the zone after restore as the "Additional IPs" may still be in the zone, even if the account is on a different IP.
Nowadays services are supporting IPv6 out of the box.
If any issues with named (bind) occur, you might need to add this code to the options section of your named.conf
(RedHat like systems) or into named.conf.options
(Debian like systems) file:
listen-on-v6 port 53 { any; };
But before doing it please check if any listen-on-v6
records are already present there. In other case NAMED service will be broken and will not be able to start.
I want a shared (not server) IP to be shared among many resellers
Starting from DirectAdmin version 1.61 the global IP type has been implemented which allows multiple resellers to use it. This will be set by the Admin in the Admin Level -> IP Manager for a given "shared" IP.
Once an IP is global, it can then be assigned to multiple Resellers, and will be treated as a shared IP.
Accessing the IP directly should go to the Admin's shared area, rather than the Reseller's shared area, from a same page Admin Level -> IP Manager , tick the checkbox near global IP address and assign to desired reseller.
More information available here.
How to create users on a random shared IP
DirectAdmin version 1.595+ has a feature to select random shared IP available for this reseller during the user creation stage. Just select 'Shared - randomly selected' from the dropdown list.
Sample server IP config file
If, for whatever reason, you need to manually rebuild the IP file for your server IP, then add the following code to the /usr/local/directadmin/data/admin/ips/1.2.3.4
file, where 1.2.3.4 would be replaced with your server IP.
gateway=
netmask=255.255.255.0
ns=
reseller=
status=server
value=28
where the "value" would be your best guess at the number of Users on the IP. The nightly tally will update this value for you, so it doesn't need to be perfect.
Also, if the IP is intended to be "owned", then the status will be "owned" instead of "server", and the value will be the name of the User that owns it.
Your licensed IP must always be the server IP. A "shared" IP will have the same contents as the "server" IP, except it will have status=shared, and the reseller value will be set to the Reseller that controls the IP.
Ensure this file is chown'd to "diradmin:diradmin" and chmod'd to 600.
Lastly, ensure that the file /usr/local/directadmin/data/admin/ip.list
contains the IP, one IP per line.
How to mass IP swap for users
DirectAdmin v1.595+ has a new feature where a Reseller can use their "List Users" page to select a set of Users, and pick a new IP to be swapped to.
Similar to the new mass-package setting feature on the same page.
Related to: Reseller Level -> List Users
The form will now offer the ability to select the desired Uses, select the desired IP, and click "Set".
This saves the need to manually set the IP for each User, one at a time.
How to change your server IP address
If your server requires a new server IP due to server move, or network restructuring, follow the following steps to update your license and system.
Boot the server with the new server IP. Do this the same way you did originally for the old server IP. This should be done in your system's network settings and not in DirectAdmin (yet). Do not add the IP to DA through the IP Manager.
Start DirectAdmin if it hasn't been started:
systemctl restart directadmin
The dataskq may have already started it, thus the restart instead of just "start".
- Run the
ipswap.sh
script to replace the old server IP (1.2.3.4) with the new server IP (5.6.7.8):
cd /usr/local/directadmin/scripts
./ipswap.sh 1.2.3.4 5.6.7.8
This script can be run on any IP, so if you want to change all IPs with new ones, just run this script for each old IP with the new IP. Just ensure that you match the new server IP with the old one. As mentioned before, you must not add the new IP to DA through the IP Manager. The new server IP is to be added using the ipswap.sh
script. It will remove the old IP automatically as well.
Restart everything:
systemctl restart pure-ftpd
systemctl restart exim
systemctl restart dovecot
Also you may run this command:
da build rewrite_confs
Make sure they are correctly binding to the new ports by testing them.
NOTE: for any domain that will have its IP changed, you may notice DNS propagation delay. See the the guide how to lower the TTL before an IP change, and also why you may be seeing the Apache or shared IP page after an IP change.