We Keep Coding

Apache (httpd) service is running on Ec2 at port 80 and curl localhost:80 shows the content of index.html file located at /var/www/html

Apache (httpd) service is running on RedHat EC2 instance at port 80 and command "curl localhost:80" shows the content of index.html file located at /var/www/html of the apache server.
Below is the output of command "service httpd status", which shows that apache is running and listening on port 80 as well.
Active: active (running) since Thu 2020-01-23 16:25:44 UTC; 24s ago
Docs: man:httpd.service(8)
Main PID: 1651 (httpd)
Status: "Running, listening on: port 80"
I have opened port 80 for http on my EC2 instance.But when i try to access
the apache using http://<Public IP of EC2 Instance>:80
then browser gives message
"This site can’t be reached".
Please let me know why i am unable to access apache using
http://<Public IP of EC2 Instance>:80
and what would be fix to enable me to access it.
curl localhost:80
returns output as below
hello world
curl Public_IP_OF_EC2:80
returns output as below
curl: (7) Failed to connect to *.*.***.172 port 80: No route to host
The security group rule for my Ec2 instance is to accept all traffic which means port 80 for http is open on my EC2 instance.

Yaws with SSL gives the error "SSL accept failed: timeout"

I used certbot to generate a Let's encrypt certificate for my website, but Yaws gives me an SSL accept failed: timeout error when I try to connect to it (after it times out of course). Interestingly it works when I redirect example.com to the local ip address of the server in the hosts file on my machine and connect to example.com:8080, but not when I connect to example.com without editing the hosts file or when I connect from my phone over 4G. Here's my webserver's configuration file (it is the only configuration file in conf.d):
<server www.example.com>
port = 8080
listen = 0.0.0.0
docroot = /usr/share/yaws
<ssl>
keyfile = /etc/letsencrypt/live/example.com/privkey.pem
certfile = /etc/letsencrypt/live/example.com/fullchain.pem
</ssl>
</server>
I made sure that the keyfile and the certificate are both readable by the yaws user. Next to the keyfiles is a README that contains the following:
`privkey.pem` : the private key for your certificate.
`fullchain.pem`: the certificate file used in most server software.
`chain.pem` : used for OCSP stapling in Nginx >=1.3.7.
`cert.pem` : will break many server configurations, and should not be used
without reading further documentation (see link below).
We recommend not moving these files. For more information, see the Certbot
User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.
So I'm relatively sure I've used the right file (the other ones gave me errors like badmatch and {tls_alert,"decrypt error"}). I also tried trivial things like writing https:// before the URL, but it didn't fix the issue, also, everything works fine when the server is running without SSL. The version of Erlang running on my server is Erlang/OTP 19. Also, if it's unclear, the domain isn't actually example.com.
Also, example.com is redirected via cname to examplecom.duckdns.org, if that matters.
UPDATE:
My server was listening on port 8080, that was forwarded from the external port 80, for https connections, when the default https port is port 443. My other mistake was connecting to http://example.com instead of https://example.com. Forwarding the external port 443 to the internal port 8443 and configuring yaws to listen on port 8443 fixed everything.

Just to be sure to understand, when you do something like curl -v https://example.com:8080, you get a timeout, that's it ? (here https protocol and port 8080 are mandatory of course)
SSL timeout during accept can be triggered when an unencrypted request is received on a SSL vhost.
Could you also provide the output of the following command:
echo -e "HEAD / HTTP/1.0\r\n\r\n" | openssl s_client -connect mysite.com:8080 -ign_eof
And finally, which version of Yaws are you running ? on which OS ?

cKan Failed installation on restarting Apache service

I have installed ckan from this tutorial http://docs.ckan.org/en/latest/maintaining/installing/install-from-package.html
until I came to part 4. Restart Apache and Nginx, I run "sudo service apache2 restart" and got this error:
Restarting web server apache2 (98)Address already in use: AH00072: make_sock: could not bind to address [::]:8080
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:8080
no listening sockets available, shutting down
AH00015: Unable to open logs
Action 'start' failed.
The Apache error log may have more information.
Can anyone help me with this out.
Regards,
Sounay

You're telling Apache to serve on port 8080 but get error 'Address already in use'. Sounds like you are running another server on your machine - port 8080 is a pretty common port to use for web apps.
You can see what is running on port 8080 like this:
sudo netstat -plnt | grep :8080
Now you need to move a server to another port number (e.g. 8081) - either the service you discover, or ckan.
To change CKAN's port, edit ckan's apache & nginx config files and replace '8080' everywhere with the new port number.

haproxy fails to bind sockets with ssl option

I am trying to configure haproxy 1.5 on Ubuntu 3.2.0-91-generic as a TLS proxy for plain TCP traffic to a non-TLS server running on the same machine. The local non-TLS server is running on port 9501, and I want haproxy to listen on port 9500, decrypting incoming TLS connections on that port and forwarding the unencrypted TCP traffic to the server on port 9501. I'm doing all this on 172.28.11.94, which is a local intranet address that's bound to my eth0 interface. My haproxy config looks like this:
listen rtt 172.28.11.94:9500
mode tcp
bind 172.28.11.94:9500 ssl crt /etc/haproxy/cert.pem
option tcplog
server rks 172.28.11.94:9501
haproxy reports that this is valid:
dlobron#bos-lpjbb:/etc/haproxy$ sudo haproxy -f haproxy.cfg -V -c
Configuration file is valid
But when I run haproxy, I get an error:
dlobron#bos-lpjbb:/etc/haproxy$ sudo haproxy -f haproxy.cfg -V
Available polling systems :
poll : pref=200, test result OK
select : pref=150, test result FAILED
Total: 2 (1 usable), will use poll.
Using poll() as the polling mechanism.
[ALERT] 011/114700 (6149) : Starting proxy rtt: cannot bind socket [172.28.11.94:9500]
I verified that my local non-TLS server on port 9501 is fine:
dlobron#bos-lpjbb:/etc/haproxy$ telnet 172.28.11.94 9501
Trying 172.28.11.94...
Connected to bos-lpjbb (172.28.11.94).
Escape character is '^]'.
203 WELCOME
The warning about select() not working is a little strange, but it seems like it's falling back to poll(), which should be fine. But I can't figure out why it can't bind to port 9500 when I run it as root, as I'm doing here. Any help would be much appreciated!

The very helpful guys on the HAProxy mailing list pointed out my problem: the first line of my server stanza is:
listen rtt 172.28.11.94:9500
This is telling HAProxy to bind to 172.28.11.94:9500, and then the "bind" line in my config file is telling it to bind a second time to that same point - hence the error. I changed the first line of the stanza to just:
listen rtt
and it's now fine.

Monit Httpd interface not working

I am trying to use httpd interface to view monit results in web browser.
I have used the below commands in my monitrc file.
set httpd port 2812
allow monit:monit
But when i try to log into web browser with http://localhost:2812/
The page fails with page not found error.
I have ensured that there is no firewall restriction for localhost:2812 port and also from the local host, the port is listening for monit.
$netstat -nlpt |grep 2812
tcp 0 0 0.0.0.0:2812 0.0.0.0:* LISTEN 42291/monit
I dont even get any failure logs under monit.log
Appreciate your help on this concern.

If you want to be able to access from "localhost", you need also the following line:
set httpd port 2812
allow localhost # <-----
allow monit:monit
Regards
Reference: https://www.mmonit.com/monit/documentation/monit.html#MONIT-HTTPD