I try to restart the apache service on ubuntu 16.04 but i can not because the port '80' is listened to by nginx.
But when I try to stop nginx, the service is not found.
netstat -ltnp | grep ':80'
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6069/nginx
systemctl status nginx
● nginx.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
service nginx stop
Failed to stop nginx.service: Unit nginx.service not loaded.
So how can I stop nginx in order to restart apache ?
Thanks for your help
nginx on your machine was started in other way then systemd standard nginx service.
alex#openresty:~$ ps aux | grep nginx
root 2668 0.0 0.0 41040 928 ? Ss 12:33 0:00 nginx: master process /usr/local/openresty/bin/openresty -p /usr/local/openresty/nginx/
nobody 2669 0.0 0.0 41040 3316 ? S 12:33 0:00 nginx: worker process
Will show you the full path of running nginx with command line arguments. Here is example from my PC (I use Openresty bundle so your paths may vary).
Now take a look at nginx master process command line parameters. If -p is present you should use exactly the same to stop nginx. For my case it should be:
/usr/local/openresty/bin/openresty -p /usr/local/openresty/nginx/ -s stop
If -p is missed you may just
/usr/local/openresty/bin/openresty -s stop
It would stop nginx, but it may be possible that on your PC nginx is configured to run as not standard service, for example hand written systemd unit.
So on every reboot you will have nginx running again.
Related
I am trying to get apache to run a bash script which uses ffmpeg to take snapshots from a mp4 stream. I get an "Input/Output" error where ffmpeg is blocked from accessing port 80.
I've gotten apache to run ffmpeg, it just seems to get blocked on port access.
I assume its an selinux permission problem where ffmpeg needs special permissions to be able to access port 80 (or whatever port it is) when run by apache.
The script runs fine from command line, its just launching it remotely that dies.
Thanks for your help!
sudo semanage port -l | grep http_port
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
ls -Z /usr/bin/ffmpeg
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/ffmpeg
From var/log/audit/audit.log:
type=AVC msg=audit(1502245154.609:23912): avc: denied { name_connect } for pid=12043 comm="ffmpeg" dest=80 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1502245154.609:23912): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=1775f00 a2=10 a3=7ffd7a6af0d0 items=0 ppid=12041 pid=12043 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="ffmpeg" exe="/usr/bin/ffmpeg" subj=system_u:system_r:httpd_sys_script_t:s0 key=(null)
Running Red Hat Enterprise Linux 7.4
Solved using https://wiki.centos.org/HowTos/SELinux#head-faa96b3fdd922004cdb988c1989e56191c257c01
created policy specific to access requirements - Step 7 in the documentation
I am trying to enable ssh connection to suse linux. I have sshd service running:
peeyush#linux-pohb:~/gccgo.work> systemctl status sshd.service
sshd.service - OpenSSH Daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
Active: active (running) since Thu 2015-03-19 18:36:05 IST; 3h 50min ago
Process: 5702 ExecStartPre=/usr/sbin/sshd-gen-keys-start (code=exited, status=0/SUCCESS)
Main PID: 6035 (sshd)
CGroup: /system.slice/sshd.service
└─6035 /usr/sbin/sshd -D
Mar 19 18:36:01 linux-pohb sshd-gen-keys-start[5702]: Checking for missing se...
Mar 19 18:36:05 linux-pohb sshd-gen-keys-start[5702]: ssh-keygen: generating ...
Mar 19 18:36:06 linux-pohb sshd[6035]: Server listening on 0.0.0.0 port 22.
Mar 19 18:36:06 linux-pohb sshd[6035]: Server listening on :: port 22.
Hint: Some lines were ellipsized, use -l to show in full.
It is listening on port 22 fine:
peeyush#linux-pohb:~/gccgo.work> netstat -an | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
But I am not able to connect to it.
[root#lep8a peeyush]# ssh root#192.168.122.19
ssh: connect to host 192.168.122.19 port 22: Connection timed out
My head is aching with finding solutions on internet. Nothing is working.
Could you guys please help me out?
Check if your firewall accepts incoming TCP connections on port 22:
# iptables -nL | grep 22
If the result is empty, you have to add a rule in your firewall.
Open Yast and firewall configuration:
# yast firewall
Goto "Allowed Services" and add "Secure Shell Server". Save and quit Yast and try to connect.
Comment: If you have disabled your firewall completly (not recommended) this answer does not apply.
Run this command:
systemctl enable sshd.service
Then make necessary changes in your /etc/ssh/sshd_config file, and start sshd via:
systemctl start sshd.service
I was dealing with the same problem in SUSE Linux Enterprise Server 15 x86-64. Within the system I was able to # ssh 127.0.0.1 (so the sshd service was working correctly), but from other nodes I got a "Timed out" message.
First, I checked the firewall rules (see answer from xloto):
# iptables -nL | grep 22
Resulted in an empty return message, so we need to set an additional rule.
To set the the firewall rule for SSH's standard port 22, I followed another tutorial (as I do not have a GUI):
# firewall-cmd --permanent --add-service=ssh
# firewall-cmd --reload
It worked for my case, but I'm not sure whether this is best practice.
I am trying to start httpd server on centos 6. It throws following error :
[root#machine ~]# service httpd start
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:88
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:88
no listening sockets available, shutting down
Unable to open logs
[FAILED]
I have also checked for port 88, It is not is use.
I also checked with semanage, but it didn't help.
Any help will be appreciated.
I happened to run into this problem because of missing SELinux permissions. By default, SELinux only allowed apache/httpd to bind to the following ports:
80, 81, 443, 488, 8008, 8009, 8443, 9000
So binding to my httpd.conf-configured Listen 88 HTTP port and config.d/ssl.conf-configured Listen 8445 TLS/SSL port would fail with that default SELinux configuration.
To fix my problem, I had to add ports 88 and 8445 to my system's SELinux configuration:
Install semanage tools: sudo yum -y install policycoreutils-python
Allow port 88 for httpd: sudo semanage port -a -t http_port_t -p tcp 88
Allow port 8445 for httpd: sudo semanage port -a -t http_port_t -p tcp 8445
Seems like you are running it not as "root". Only root can bind to this port (80).
Check your configuration in the conf/httpd.conf file, Listen line and change the port to higher one.
This is an addition to the answer by Abdull somewhere in this thread:
I had to modify instead of adding a port
semanage port -m -t http_port_t -p tcp 5000
because I get this error on adding the port
ValueError: Port tcp/5000 already defined
At terminal run this command with root permission:
sudo /etc/init.d/apache2 start
You must be root for starting a webserver otherwise you would get similar error.
With my centos 6.7 installation, not only did I have the problem starting httpd with root but also with xauth (getting /usr/bin/xauth: timeout in locking authority file /.Xauthority with underlying permission denied errors)
# setenforce 0
Fixed both issues.
Disable SELinux
Disable SELinux temporarily
sudo setenforce 0
Restart httpd service
service httpd restart
Disable SELinux persistently (after reboot)
vi /etc/selinux/config
Add line and save
SELINUX=disabled
In my case, I tried to first use port 88 instead, and even then the httpd won't start.
I used the below command, i.e. modify instead of add, as suggested by one of users, and was able to run httpd.
semanage port -a -t http_port_t -p tcp 88
after disable SELINUX, any port is aviable.
sudo -s;
setenforce 0;
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config;
In Linux(Centos 6 or higher) ports from 0 to 1024 are reserved for system use.
you can force the system to bind to address any port lower than 1024 if you use root or privileged user.
I installed Apache-2.4 from source with non-root user and I solved this problem by allowing port higher than 1024(ex:8080) and modified http.conf file. chang Listen 80 to Listen 8080
I had similar error while trying to start httpd service for openstack train installation in RHEL 7.5 too.
-- Unit httpd.service has begun starting up.
Jan 31 10:11:16 controller httpd[1631]: (13)Permission denied: AH00072: make_sock: could not bind to address 10.0.0.11:5000
Jan 31 10:11:16 controller httpd[1631]: no listening sockets available, shutting down
Jan 31 10:11:16 controller httpd[1631]: AH00015: Unable to open logs
Jan 31 10:11:16 controller systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jan 31 10:11:16 controller kill[1632]: kill: cannot find process ""
Jan 31 10:11:16 controller systemd[1]: httpd.service: control process exited, code=exited status=1
Jan 31 10:11:16 controller systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
Solution: It got resolved by disabling SElinux.
I edited /etc/selinux/config, set SELINUX=disabled, then reboot; then it worked.
Alternately, you can run setenforce 0; you don't need reboot, but this is once used.
Just to add more info about this error, I had the similar error on CentOS 8.2:
sudo journalctl -xe
Error:
Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:8081
So, I used the commands from Abdull and Ulrich-Lorenz Schlüter as a follow:
Install semanage tools for CentOS 8.2: sudo yum -y install policycoreutils-python-utils
(For more info: https://www.cyberciti.biz/faq/redhat-install-semanage-selinux-command-rpm )
Allow port 8081 for httpd: sudo semanage port -a -t http_port_t -p tcp 8081
I got the following output: ValueError: Port tcp/8081 already defined
So, I ran:
sudo semanage port -m -t http_port_t -p tcp 8081
As Ulrich-Lorenz Schlüter mentioned.
Then: sudo systemctl start httpd
Now it is working fine.
The actual solution here is to modify the existing port if it exists. For instance, when:
semanage port -a -t http_port_t -p tcp 88
ends up with:
ValueError: Port tcp/88 already defined
then it's very likely the port is having a different type, and to modify it, simply use:
semanage port -m -t http_port_t -p tcp 88
and then, you need to open that port via firewall-cmd if has been closed in your zone.
Also: disabling SELinux is a potential security vulnerability, don't do this on production instances!
Start with root user or with sudo, it works fine, here is sample output:
[ec2-user#ip-172-31-12-164 ~]$ service httpd start
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:80
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
**[FAILED]**
[ec2-user#ip-172-31-12-164 ~]$ sudo service httpd start
Starting httpd: [ OK ]
[ec2-user#ip-172-31-12-164 ~]$ sudo service httpd status
httpd (pid 3077) is running...
First kill all the hanged instances of httpd, and then try restarting Apache:
service httpd restart
I have a micro instance on AWS that shows that it is running fine on Amazons dashboard
However when i log into the instance with SSH and try to start or stop apache
sudo service httpd stop
sudo service httpd start
I get [FAILED]
sudo apachectl start
doesnt return anything
sudo apachectl restart gives me httpd not running, trying to start
What am i missing? it seems to be doing this out of the blue
is there any command line i can test to see where the issue is coming from?
Have you changed anything in the configuration file?
/etc/init.d/httpd configtest
Is there something else listening on port 80?
fuser -n tcp 80
Update: Already fixed, it seems that one of VirtualHosts configurations files was wrong in sites-enabled.
I have Ubuntu 11.10
When I run the command to start apache2:
sudo /etc/init.d/apache2 start
I get the following error message:
Starting web server apache2
apache2: Could not reliably determine the server's fully qualified
domain name, using 127.0.1.1 for ServerName (98)Address already in
use: make_sock: could not bind to address 0.0.0.0:80 no listening
sockets available, shutting down Unable to open logs Action 'start'
failed.
I run this command in order to get the process that is using the port 80:
sudo netstat -ltnp | grep ':80'
Which returns this output:
tcp6 0 0 :::80 :::* LISTEN 1176/
To know which process is I run this command:
ps -wlp1176
That returns:
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
5 D 33 1176 1 0 80 0 - 0 exit ? 00:00:00 apache2
But if I try to kill the process:
sudo kill -9 1176
It doesn't kill it, if I run again the netstat command still appears listening and apache start fails.
Any suggestions?
Worked for me running this command:
fuser -k -n tcp 80
It may be skype or nginx using the port 80.
Try shutting down skype, or running: sudo /etc/init.d/nginx stop
I had the same error, and just want to confirm that running
sudo netstat -ltnp | grep ':80'
helped me indicate that Hiawatha webserver was in the way of Apache2.
Removing Hiawatha fixed the issue (sudo dpkg --purge hiawatha).
Ubuntu 12.04.2 server.
I had the same problem
For me, apache was already running but it was running the wrong way.
Killing processes didnt work because a daemon kept reinstantiating it.
apachectl stop
resolved the issue.
use either
sudo killall httpd
or
sudo killall apache2
check if some one using the 80 port
sudo netstat -tulpn| grep :80
The restart
sudo service httpd start
then restart the server.It took me a whole day to understand the issue
Try this, it works for me…
sudo netstat -ltnp | grep ':80'
This would return the following:
tcp6 0 0 :::80 :::* LISTEN 1047/apache2
Then
sudo kill -9 1047
Then I was able to restart Apache and everything was working fine.
Go to device manager, select “show hidden devices” from menu/view, go to “Non-Plug and Play Driver”/HTTP, double click it to disable it (and disable or manual some services depended on it).
Reboot and enjoy!
This will happen because of repeated installation of apache or port is using by another service
sudo lsof -i | grep "httpd"
You will find process id and listening port of service. Then check
cd /proc/(process id of http)
Then kill that process using command
kill -9 pid
now
sudo netstat -nltp
again kill the process
syntax:-
kill -9 pid
and now start apache
sudo ./apachectl start
It look like other process is using port 80.
$ netstat -anp | grep
eg. $ netstat -anp | grep 80
by above you get process name, if you want to use port then you need to stop the process or change the port
What I would do is simply check if the following is set in your /etc/apache2/sites-available/your-domain-name.com.conf
SSLEngine on
SSLCertificateFile /your/path/to/your-domain.com.crt
SSLCertificateKeyFile /your/path/to/your-domain.com.key
SSLCACertificateFile /your/path/to/your-domain.com.ca-bundle
and there aren't any mistyped directories or anything else that would not supposed to be in your .conf file. It did the trick for me as re-starting and killing the processes did not help at all. It did not start anyway.
I fixed it by using below procedure.
Run below command as root user.
root# ps aux |grep apache
It will show you Apache PID, just kill that PIDs and restart Apache Server.
You can only have listen PORTNUMBER in only one file of .conf. Do not put it in multiple files. Try it :)