I m trying to deploy my 1st ASP.NET Core 2.2 API on AWS RHEL 7.5
my /etc/systemd/system/kestrel-mytest.service
[Unit]
Description=.NET Prototypes Application on Linux
[Service]
WorkingDirectory=/home/ec2-user/webapi
ExecStart=/usr/bin/dotnet /home/ec2-user/webapi/prototypes.dll
Restart=always
# Restart service after 10 seconds if the dotnet service crashes:
RestartSec=10
KillSignal=SIGINT
SyslogIdentifier=dotnet-example
User=apache
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false
TimeoutStopSec=90
[Install]
WantedBy=multi-user.target
now I am facing with:
[ec2-user#ip-172-31-6-33 dotnet]$ sudo systemctl status kestrel-mytest.service
â kestrel-mytest.service - .NET Prototypes Application on Linux
Loaded: loaded (/etc/systemd/system/kestrel-mytest.service; disabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Tue 2019-02-19 14:06:39 UTC; 6s ago
Process: 3902 ExecStart=/usr/bin/dotnet /home/ec2-user/webapi/prototypes.dll (code=exited, status=145)
Main PID: 3902 (code=exited, status=145)
Feb 19 14:06:39 ip-172-31-6-33.ap-southeast-1.compute.internal systemd[1]: kestrel-mytest.service: main process exited, code=exited, status=145/n/a
Feb 19 14:06:39 ip-172-31-6-33.ap-southeast-1.compute.internal systemd[1]: Unit kestrel-mytest.service entered failed state.
Feb 19 14:06:39 ip-172-31-6-33.ap-southeast-1.compute.internal systemd[1]: kestrel-mytest.service failed.
[ec2-user#ip-172-31-6-33 dotnet]$
what I missed?..
thanks a lot in advance
Don
this would resolved:
working directory MUST be the same as DocumentRoot of Apache (/etc/httpd/conf/httpd.conf) (in my case, DocumentRoot is /var/www/html/ so, it should be:
WorkingDirectory=/var/www/html/webapi, do does the ExecStart as below:
ExecStart=/usr/bin/dotnet /var/www/html/webapi/prototypes.dll
things to consider:
chown -R apache:your_group /var/www/html/webapi
don't forget to stop and start kestrel to take effect.
systemctl stop kestrel-xxx
systemctl start kestrel-xxx
systemctl enable kestrel-xxx to automate start after machine rebooted
to check dotnet listener port status
sudo lsof -i -P -n | grep LISTEN
I configured httpd with Chef via community httpd recipe.
https://github.com/chef-cookbooks/httpd
httpd_service "default" do
action [:create, :start]
end
After executing above code, sudo service httpd-default graceful gives the following error:
httpd: apr_sockaddr_info_get() failed for web01
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
httpd not running, trying to start
(98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
sudo service httpd-default status says httpd is running.
How can I gracefully restart httpd manually?
My target server is CentOS 6.6.
sudo apachectl -f /etc/httpd-default/conf/httpd.conf -k graceful
this command resolved my problem.
I am using Fedora 20 and recently did a yum update. Now I can't get pound to work anymore. No real errors but just refuse connection:
Following output are copy and pastes from different times but output is always same except pid and time.
[root#mymachine me]# wget --no-check-certificate --debug --verbose https://localhost
Setting --verbose (verbose) to 1
DEBUG output created by Wget 1.14 on linux-gnu.
URI encoding = ‘UTF-8’
--2014-11-06 11:59:53-- https://localhost/
Resolving localhost (localhost)... ::1, 127.0.0.1
Caching localhost => ::1 127.0.0.1
Connecting to localhost (localhost)|::1|:443... Closed fd 3
failed: Connection refused.
Connecting to localhost (localhost)|127.0.0.1|:443... Closed fd 3
failed: Connection refused.
Releasing 0x0000000001f33280 (new refcount 1).
[root#mymachine me]# service pound status
Redirecting to /bin/systemctl status pound.service
pound.service - Pound Reverse Proxy And Load-balancer
Loaded: loaded (/usr/lib/systemd/system/pound.service; enabled)
Active: active (running) since Thu 2014-11-06 11:30:12 EST; 6min ago
Process: 3019 ExecStart=/usr/sbin/pound (code=exited, status=0/SUCCESS)
Main PID: 3020 (pound)
CGroup: /system.slice/pound.service
├─3020 /usr/sbin/pound
└─3021 /usr/sbin/pound
Nov 06 11:30:12 mymachine systemd[1]: Starting Pound Reverse Proxy And Load-balancer...
Nov 06 11:30:12 mymachine pound[3019]: starting...
Nov 06 11:30:12 mymachine systemd[1]: PID file /var/run/pound.pid not readable (yet?) after start.
Nov 06 11:30:12 mymachine systemd[1]: Started Pound Reverse Proxy And Load-balancer.
[root#mymachine me]#
[root#mymachine me]# netstat -tulpn | grep pound
tcp 0 0 myip:443 0.0.0.0:* LISTEN 1379/pound
I can wget http:[stack complains about links//]localhost:80 (varnish) and wget http:[stack complains about links//]localhost:8080 (apache) I'm using a self signed pem file that can be found (no errors there), before I would have the "get me out of here" and "I know what I'm doing" from the browser but now it won't even connect with wget on localhost.
This is the /etc/pound.cfg:
User "pound"
Group "pound"
Control "/var/lib/pound/pound.cfg"
ListenHTTPS
Address 128.199.217.77
Port 443
Cert "/var/www/html/test.pem"
Service
BackEnd
Address localhost
Port 80
End
End
End
It was an iptables problem. Added the rule to open port 443 with the iptables command, rules are not saved in any way when doing so. Used firewall-cmd instead:
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
firewall-cmd --list-services
When using wget you can't use localhost as pound isn't listening there, the command should be:
[root#mymachine me]# wget --no-check-certificate --debug --verbose https://my.ip.address
I am trying to start the rabbitmq server in centos 7. I installed erlang as it is a dependency to rabbitmq-server. Package erlang.x86_64 0:R16B-03.7.el7 .I then Installed rabbitmq using package rabbitmq-server-3.2.2-1.noarch.rpm. Installation was successful. I enabled management console uisng rabbitmq-plugins enable rabbitmq_management. But while starting the service rabbitmq-server it fails.
[root#tve-centos ~]# systemctl start rabbitmq-server.service
Job for rabbitmq-server.service failed. See 'systemctl status rabbitmq-server.service' and 'journalctl -xn' for details.
[root#tve-centos ~]# systemctl status rabbitmq-server.service
rabbitmq-server.service - LSB: Enable AMQP service provided by RabbitMQ broker
Loaded: loaded (/etc/rc.d/init.d/rabbitmq-server)
Active: failed (Result: exit-code) since Fri 2014-09-12 13:07:05 PDT; 8s ago
Process: 20235 ExecStart=/etc/rc.d/init.d/rabbitmq-server start (code=exited, status=1/FAILURE)
Sep 12 13:07:04 tve-centos su[20245]: (to rabbitmq) root on none
Sep 12 13:07:05 tve-centos su[20296]: (to rabbitmq) root on none
Sep 12 13:07:05 tve-centos su[20299]: (to rabbitmq) root on none
Sep 12 13:07:05 tve-centos rabbitmq-server[20235]: Starting rabbitmq-server: FAILED - check /var/log/rabbitmq/startup_{log, _err}
Sep 12 13:07:05 tve-centos rabbitmq-server[20235]: rabbitmq-server.
Sep 12 13:07:05 tve-centos systemd[1]: rabbitmq-server.service: control process exited, code=exited status=1
Sep 12 13:07:05 tve-centos systemd[1]: Failed to start LSB: Enable AMQP service provided by RabbitMQ broker.
Sep 12 13:07:05 tve-centos systemd[1]: Unit rabbitmq-server.service entered failed state.
and logs shows /var/log/rabbitmq/startup_log
BOOT FAILED
===========
Error description:
{could_not_start,rabbitmq_management,
{could_not_start_listener,[{port,15672}],eacces}}
Log files (may contain more information):
/var/log/rabbitmq/rabbit#tve-centos.log
/var/log/rabbitmq/rabbit#tve-centos-sasl.log
but no process is using port 15672
But if I try to start it using /usr/sbin/rabbitmq-server .I successfully started the service. But my requirements are to start it using the systemctl.
Better answer would be to actually fix SELinux and the firewall.
Open the port:
firewall-cmd --permanent --add-port=5672/tcp
firewall-cmd --reload
setsebool -P nis_enabled 1
That works for me.
It looks like a port issue. To confirm that
systemctl stop firewalld
systemctl disable firewalld
And disable SELinux for the time being in /etc/selinux/config file
SELINUX=disabled
Try reboot your machine and see whether the issue persists.
After running this command:
[root#gcp-hehe-amqp ~]# /sbin/service rabbitmq-server start
And getting the error:
Redirecting to /bin/systemctl start rabbitmq-server.service
Job for rabbitmq-server.service failed because the control process exited with error code. See "systemctl status rabbitmq-server.service" and "journalctl -xe" for details"
After many attempts, I solved the error by following this:
run command:
firewall-cmd --permanent --add-port=5672/tcp
then: firewall-cmd --reload
change this: SELINUX=disabled at /etc/selinux/config
Enable the proxy protocol to true at /etc/rabbitmq/rabbitmq.conf
proxy_protocol = true
I am trying to start httpd server on centos 6. It throws following error :
[root#machine ~]# service httpd start
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:88
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:88
no listening sockets available, shutting down
Unable to open logs
[FAILED]
I have also checked for port 88, It is not is use.
I also checked with semanage, but it didn't help.
Any help will be appreciated.
I happened to run into this problem because of missing SELinux permissions. By default, SELinux only allowed apache/httpd to bind to the following ports:
80, 81, 443, 488, 8008, 8009, 8443, 9000
So binding to my httpd.conf-configured Listen 88 HTTP port and config.d/ssl.conf-configured Listen 8445 TLS/SSL port would fail with that default SELinux configuration.
To fix my problem, I had to add ports 88 and 8445 to my system's SELinux configuration:
Install semanage tools: sudo yum -y install policycoreutils-python
Allow port 88 for httpd: sudo semanage port -a -t http_port_t -p tcp 88
Allow port 8445 for httpd: sudo semanage port -a -t http_port_t -p tcp 8445
Seems like you are running it not as "root". Only root can bind to this port (80).
Check your configuration in the conf/httpd.conf file, Listen line and change the port to higher one.
This is an addition to the answer by Abdull somewhere in this thread:
I had to modify instead of adding a port
semanage port -m -t http_port_t -p tcp 5000
because I get this error on adding the port
ValueError: Port tcp/5000 already defined
At terminal run this command with root permission:
sudo /etc/init.d/apache2 start
You must be root for starting a webserver otherwise you would get similar error.
With my centos 6.7 installation, not only did I have the problem starting httpd with root but also with xauth (getting /usr/bin/xauth: timeout in locking authority file /.Xauthority with underlying permission denied errors)
# setenforce 0
Fixed both issues.
Disable SELinux
Disable SELinux temporarily
sudo setenforce 0
Restart httpd service
service httpd restart
Disable SELinux persistently (after reboot)
vi /etc/selinux/config
Add line and save
SELINUX=disabled
In my case, I tried to first use port 88 instead, and even then the httpd won't start.
I used the below command, i.e. modify instead of add, as suggested by one of users, and was able to run httpd.
semanage port -a -t http_port_t -p tcp 88
after disable SELINUX, any port is aviable.
sudo -s;
setenforce 0;
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config;
In Linux(Centos 6 or higher) ports from 0 to 1024 are reserved for system use.
you can force the system to bind to address any port lower than 1024 if you use root or privileged user.
I installed Apache-2.4 from source with non-root user and I solved this problem by allowing port higher than 1024(ex:8080) and modified http.conf file. chang Listen 80 to Listen 8080
I had similar error while trying to start httpd service for openstack train installation in RHEL 7.5 too.
-- Unit httpd.service has begun starting up.
Jan 31 10:11:16 controller httpd[1631]: (13)Permission denied: AH00072: make_sock: could not bind to address 10.0.0.11:5000
Jan 31 10:11:16 controller httpd[1631]: no listening sockets available, shutting down
Jan 31 10:11:16 controller httpd[1631]: AH00015: Unable to open logs
Jan 31 10:11:16 controller systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jan 31 10:11:16 controller kill[1632]: kill: cannot find process ""
Jan 31 10:11:16 controller systemd[1]: httpd.service: control process exited, code=exited status=1
Jan 31 10:11:16 controller systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
Solution: It got resolved by disabling SElinux.
I edited /etc/selinux/config, set SELINUX=disabled, then reboot; then it worked.
Alternately, you can run setenforce 0; you don't need reboot, but this is once used.
Just to add more info about this error, I had the similar error on CentOS 8.2:
sudo journalctl -xe
Error:
Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:8081
So, I used the commands from Abdull and Ulrich-Lorenz Schlüter as a follow:
Install semanage tools for CentOS 8.2: sudo yum -y install policycoreutils-python-utils
(For more info: https://www.cyberciti.biz/faq/redhat-install-semanage-selinux-command-rpm )
Allow port 8081 for httpd: sudo semanage port -a -t http_port_t -p tcp 8081
I got the following output: ValueError: Port tcp/8081 already defined
So, I ran:
sudo semanage port -m -t http_port_t -p tcp 8081
As Ulrich-Lorenz Schlüter mentioned.
Then: sudo systemctl start httpd
Now it is working fine.
The actual solution here is to modify the existing port if it exists. For instance, when:
semanage port -a -t http_port_t -p tcp 88
ends up with:
ValueError: Port tcp/88 already defined
then it's very likely the port is having a different type, and to modify it, simply use:
semanage port -m -t http_port_t -p tcp 88
and then, you need to open that port via firewall-cmd if has been closed in your zone.
Also: disabling SELinux is a potential security vulnerability, don't do this on production instances!
Start with root user or with sudo, it works fine, here is sample output:
[ec2-user#ip-172-31-12-164 ~]$ service httpd start
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:80
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
**[FAILED]**
[ec2-user#ip-172-31-12-164 ~]$ sudo service httpd start
Starting httpd: [ OK ]
[ec2-user#ip-172-31-12-164 ~]$ sudo service httpd status
httpd (pid 3077) is running...
First kill all the hanged instances of httpd, and then try restarting Apache:
service httpd restart