Apache not starting LAMP - apache

I have successfully started an AWS instance. I can connect with Putty and also
with WinSCP. I have ports 80 and 443 open and SSH port 22. I have installed LAMP successfully: Apache seems to start OK on the server:
[ec2-user ~]$ chkconfig --list httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
but when I enter the public DNS address in the browser, it times out!
I also get this report from:
[ec2-user ~]$ ls -l /var/www
total 20
drwxrwsr-x 2 root www 4096 Mar 18 20:24 cgi-bin
drwxrwsr-x 3 root www 4096 Apr 16 21:41 error
drwxrwsr-x 2 root www 4096 Apr 16 22:32 html
drwxrwsr-x 3 root www 4096 Apr 16 21:41 icons
drwxrwsr-x 2 root www 4096 Apr 16 21:41 noindex
[ec2-user@ip-172-31-24-2 ~]$ ^C
[ec2-user@ip-172-31-24-2 ~]$
I'm totally new to this so any help much appreciated!
I'm using a Windows 7 machine and the AWS instance is linux.

Can you please send "sudo netstat -nltp"? You also said 80 and 443 are open; these are opened via security groups, right?

The first thing to check when a browser times out is the Security Group. Do you have a rule in your instance's security group that will authorize traffic to TCP port 80 and/or TCP port 443?
If this is correct and SSH connectivity to the instance is OK too (it rules out networking issues), then I would check if your Apache server is actually running. Nothing from the command output shared in your question actually proves Apache is running. Type ps ax | grep http to verify whether the http daemon is running or not. Also type netstat -tnlp as suggested in another reply to verify the http process is actually listening on TCP port 80 or TCP port 443.
Seb

Nagios CHECK_NRPE Could not complete SSL handshake

I checked all over, there are many answers to this issue, but none worked.
I am following this tutorial:
https://www.digitalocean.com/community/tutorials/how-to-install-nagios-4-and-monitor-your-servers-on-ubuntu-16-04
The Nagios host is ubuntu 16.04, the client is ubuntu 18.04
Nagios® Core™ 4.3.4
The Nagios server and web are running OK; I can see the localhost status is 'up' in the dashboard.
Something very weird: I installed NRPE 3.2.1 on both the host and the client, but for some reason on the host it is 2.15
Host:
root@nagios-1:/tmp/nrpe-nrpe-3.2.1# /usr/local/nagios/libexec/check_nrpe -H 10.142.0.50
NRPE v2.15
Client:
$ /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
NRPE v3.2.1
Just to make sure, when running check_nrpe from client to server I am using the '-2' option to force v2 packets, but I am still getting the error
I added the client ip to the nrpe.cnf (on server), and to be sure also the server ip to the client nrpe.cfg file.
I enabled debug to see the messages in the syslog. This is the response:
Dec 4 00:35:47 nagios-1 check_nrpe: Remote 10.142.0.50 accepted a Version 2 Packet
Dec 4 00:35:51 nagios-1 nrpe[9953]: Connection from 10.142.0.11 port 49889
Dec 4 00:35:51 nagios-1 nrpe[9953]: Host address is in allowed_hosts
Dec 4 00:35:51 nagios-1 nrpe[9953]: Handling the connection...
Dec 4 00:35:51 nagios-1 nrpe[9953]: Error: Could not complete SSL handshake. 1
Dec 4 00:35:51 nagios-1 nrpe[9953]: Connection from closed.
On the host, port 5666 is open and listening
# netstat -at | grep nrpe
tcp 0 0 *:nrpe *:* LISTEN
tcp6 0 0 [::]:nrpe [::]:* LISTEN
I compiled nrpe with --
I am not using xinetd. I use the daemon
# ps aux | grep nrpe
nagios 9866 0.0 0.1 23960 2680 ? Ss 00:35 0:00 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
Host nrpe conf file:
# grep -o '^[^#]*' /etc/nagios/nrpe.cfg
log_facility=daemon
pid_file=/var/run/nagios/nrpe.pid
server_port=5666
nrpe_user=nagios
nrpe_group=nagios
allowed_hosts=127.0.0.1, 10.142.0.50, 10.142.0.0/20,10.142.0.11
dont_blame_nrpe=1
allow_bash_command_substitution=0
debug=1
command_timeout=60
connection_timeout=300
command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
include=/etc/nagios/nrpe_local.cfg
include_dir=/etc/nagios/nrpe.d/
If you need more info let me know and I will add it.
I found the answer!
I had two versions of NRPE on the host. The daemon was running 2.15. I had to kill this version, and I manually ran the 3.2.1 version from its other location:
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -f
After that I was able to get a response in the client

Trying to get selinux to allow apache to run an executable that uses a port

I am trying to get apache to run a bash script which uses ffmpeg to take snapshots from an MP4 stream. I get an "Input/Output" error where ffmpeg is blocked from accessing port 80.
I've gotten apache to run ffmpeg, it just seems to get blocked on port access.
I assume it's an SELinux permission problem where ffmpeg needs special permissions to be able to access port 80 (or whatever port it is) when run by apache.
The script runs fine from the command line, it's just launching it remotely that dies.
Thanks for your help!
sudo semanage port -l | grep http_port
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
ls -Z /usr/bin/ffmpeg
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/ffmpeg
From /var/log/audit/audit.log:
type=AVC msg=audit(1502245154.609:23912): avc: denied { name_connect } for pid=12043 comm="ffmpeg" dest=80 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1502245154.609:23912): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=1775f00 a2=10 a3=7ffd7a6af0d0 items=0 ppid=12041 pid=12043 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="ffmpeg" exe="/usr/bin/ffmpeg" subj=system_u:system_r:httpd_sys_script_t:s0 key=(null)
Running Red Hat Enterprise Linux 7.4
Solved using https://wiki.centos.org/HowTos/SELinux#head-faa96b3fdd922004cdb988c1989e56191c257c01
Created a policy specific to the access requirements (Step 7 in the documentation).
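Before loading a custom module built from a denial like the one above, it helps to see exactly which rule it will contain. The following is an added example, not part of the original post or of the CentOS wiki: it derives the allow rules from AVC records. The function name avc_to_rules and the second sample record are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: turn AVC denials into the type-enforcement rules a custom
# module would have to contain, so they can be reviewed before loading.

# First line is the denial quoted in the question; the second is constructed.
AUDIT_SAMPLE='type=AVC msg=audit(1502245154.609:23912): avc: denied { name_connect } for pid=12043 comm="ffmpeg" dest=80 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1502245160.001:23950): avc: denied { read open } for pid=12050 comm="ffmpeg" name="out.jpg" scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file'

# avc_to_rules <audit-log-text>
# Prints one allow rule per distinct (source type, target type, class, perms).
avc_to_rules() {
    printf '%s\n' "$1" | awk '
        /avc: +denied/ {
            perms = $0
            sub(/.*denied +\{ */, "", perms)   # drop everything up to "{ "
            sub(/ *\}.*/, "", perms)           # drop " }" and the rest
            src = tgt = cls = ""
            for (i = 1; i <= NF; i++) {
                # contexts are user:role:type:level, so the type is field 3
                if ($i ~ /^scontext=/) { split($i, s, ":"); src = s[3] }
                if ($i ~ /^tcontext=/) { split($i, t, ":"); tgt = t[3] }
                if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
            }
            if (src == "" || tgt == "" || cls == "") next   # malformed record
            if (perms ~ / /) perms = "{ " perms " }"        # several perms
            printf "allow %s %s:%s %s;\n", src, tgt, cls, perms
        }' | sort -u
}

avc_to_rules "$AUDIT_SAMPLE"
```

The rule derived from the question's denial is granted to the whole httpd_sys_script_t domain and to every port labelled http_port_t in the semanage listing, not only to ffmpeg on port 80.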

nginx is started but not found service on ubuntu

I try to restart the apache service on Ubuntu 16.04 but I cannot because port '80' is listened to by nginx.
But when I try to stop nginx, the service is not found.
netstat -ltnp | grep ':80'
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6069/nginx
systemctl status nginx
● nginx.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
service nginx stop
Failed to stop nginx.service: Unit nginx.service not loaded.
So how can I stop nginx in order to restart apache ?
Thanks for your help
nginx on your machine was started in some other way than the standard systemd nginx service.
alex@openresty:~$ ps aux | grep nginx
root 2668 0.0 0.0 41040 928 ? Ss 12:33 0:00 nginx: master process /usr/local/openresty/bin/openresty -p /usr/local/openresty/nginx/
nobody 2669 0.0 0.0 41040 3316 ? S 12:33 0:00 nginx: worker process
This will show you the full path of the running nginx with its command-line arguments. Here is an example from my PC (I use the OpenResty bundle, so your paths may vary).
Now take a look at the nginx master process command-line parameters. If -p is present you should use exactly the same to stop nginx. For my case it should be:
/usr/local/openresty/bin/openresty -p /usr/local/openresty/nginx/ -s stop
If -p is missing you may just run:
/usr/local/openresty/bin/openresty -s stop
It would stop nginx, but it may be possible that on your PC nginx is configured to run as a non-standard service, for example a hand-written systemd unit.
So on every reboot you will have nginx running again.

How to enable SSH on SLES 12?

I am trying to enable ssh connection to suse linux. I have sshd service running:
peeyush@linux-pohb:~/gccgo.work> systemctl status sshd.service
sshd.service - OpenSSH Daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
Active: active (running) since Thu 2015-03-19 18:36:05 IST; 3h 50min ago
Process: 5702 ExecStartPre=/usr/sbin/sshd-gen-keys-start (code=exited, status=0/SUCCESS)
Main PID: 6035 (sshd)
CGroup: /system.slice/sshd.service
└─6035 /usr/sbin/sshd -D
Mar 19 18:36:01 linux-pohb sshd-gen-keys-start[5702]: Checking for missing se...
Mar 19 18:36:05 linux-pohb sshd-gen-keys-start[5702]: ssh-keygen: generating ...
Mar 19 18:36:06 linux-pohb sshd[6035]: Server listening on 0.0.0.0 port 22.
Mar 19 18:36:06 linux-pohb sshd[6035]: Server listening on :: port 22.
Hint: Some lines were ellipsized, use -l to show in full.
It is listening on port 22 fine:
peeyush@linux-pohb:~/gccgo.work> netstat -an | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
But I am not able to connect to it.
[root@lep8a peeyush]# ssh root@192.168.122.19
ssh: connect to host 192.168.122.19 port 22: Connection timed out
My head is aching from searching for solutions on the internet. Nothing is working.
Could you guys please help me out?
Check if your firewall accepts incoming TCP connections on port 22:
# iptables -nL | grep 22
If the result is empty, you have to add a rule in your firewall.
Open Yast and firewall configuration:
# yast firewall
Go to "Allowed Services" and add "Secure Shell Server". Save and quit Yast and try to connect.
Comment: If you have disabled your firewall completely (not recommended) this answer does not apply.
Run this command:
systemctl enable sshd.service
Then make necessary changes in your /etc/ssh/sshd_config file, and start sshd via:
systemctl start sshd.service
I was dealing with the same problem in SUSE Linux Enterprise Server 15 x86-64. Within the system I was able to # ssh 127.0.0.1 (so the sshd service was working correctly), but from other nodes I got a "Timed out" message.
First, I checked the firewall rules (see answer from xloto):
# iptables -nL | grep 22
Resulted in an empty return message, so we need to set an additional rule.
To set the firewall rule for SSH's standard port 22, I followed another tutorial (as I do not have a GUI):
# firewall-cmd --permanent --add-service=ssh
# firewall-cmd --reload
It worked for my case, but I'm not sure whether this is best practice.

Pound stopped working after fedora update

I am using Fedora 20 and recently did a yum update. Now I can't get pound to work anymore. No real errors, it just refuses connections.
The following outputs were copied and pasted at different times, but the output is always the same except for pid and time.
[root@mymachine me]# wget --no-check-certificate --debug --verbose https://localhost
Setting --verbose (verbose) to 1
DEBUG output created by Wget 1.14 on linux-gnu.
URI encoding = ‘UTF-8’
--2014-11-06 11:59:53-- https://localhost/
Resolving localhost (localhost)... ::1, 127.0.0.1
Caching localhost => ::1 127.0.0.1
Connecting to localhost (localhost)|::1|:443... Closed fd 3
failed: Connection refused.
Connecting to localhost (localhost)|127.0.0.1|:443... Closed fd 3
failed: Connection refused.
Releasing 0x0000000001f33280 (new refcount 1).
[root@mymachine me]# service pound status
Redirecting to /bin/systemctl status pound.service
pound.service - Pound Reverse Proxy And Load-balancer
Loaded: loaded (/usr/lib/systemd/system/pound.service; enabled)
Active: active (running) since Thu 2014-11-06 11:30:12 EST; 6min ago
Process: 3019 ExecStart=/usr/sbin/pound (code=exited, status=0/SUCCESS)
Main PID: 3020 (pound)
CGroup: /system.slice/pound.service
├─3020 /usr/sbin/pound
└─3021 /usr/sbin/pound
Nov 06 11:30:12 mymachine systemd[1]: Starting Pound Reverse Proxy And Load-balancer...
Nov 06 11:30:12 mymachine pound[3019]: starting...
Nov 06 11:30:12 mymachine systemd[1]: PID file /var/run/pound.pid not readable (yet?) after start.
Nov 06 11:30:12 mymachine systemd[1]: Started Pound Reverse Proxy And Load-balancer.
[root@mymachine me]#
[root@mymachine me]# netstat -tulpn | grep pound
tcp 0 0 myip:443 0.0.0.0:* LISTEN 1379/pound
I can wget http:[stack complains about links//]localhost:80 (varnish) and wget http:[stack complains about links//]localhost:8080 (apache) I'm using a self signed pem file that can be found (no errors there), before I would have the "get me out of here" and "I know what I'm doing" from the browser but now it won't even connect with wget on localhost.
This is the /etc/pound.cfg:
User "pound"
Group "pound"
Control "/var/lib/pound/pound.cfg"
ListenHTTPS
    Address 128.199.217.77
    Port 443
    Cert "/var/www/html/test.pem"
    Service
        BackEnd
            Address localhost
            Port 80
        End
    End
End
It was an iptables problem. Added the rule to open port 443 with the iptables command, rules are not saved in any way when doing so. Used firewall-cmd instead:
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
firewall-cmd --list-services
When using wget you can't use localhost as pound isn't listening there, the command should be:
[root@mymachine me]# wget --no-check-certificate --debug --verbose https://my.ip.address
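The two failure modes in this thread ("Connection refused" on localhost, blocked from outside) can be told apart from saved netstat -tln output. This is an added example, not from the original answer: the function names and the sample listing are constructed, and 203.0.113.10 and 192.0.2.7 are placeholder addresses. It assumes numeric output (-n) and that a :: listener is dual-stack.

```shell
#!/usr/bin/env bash
# Added example: does any LISTEN socket cover a given address:port?
# Constructed sample of `netstat -tln` output (no header lines).
SAMPLE_NETSTAT='tcp 0 0 203.0.113.10:443 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN'

# listener_covers <netstat-output> <ip> <port>
# Prints the matching local socket and returns 0, or returns 1 if none.
listener_covers() {
    printf '%s\n' "$1" | awk -v ip="$2" -v port="$3" '
        $6 != "LISTEN" { next }
        {
            p = $4; sub(/.*:/, "", p)                      # port after last ":"
            a = substr($4, 1, length($4) - length(p) - 1)  # bind address
            if (p != port) next
            # exact bind, IPv4 wildcard, or "::" (assumed dual-stack)
            if (a == ip || a == "::" || (a == "0.0.0.0" && ip ~ /\./)) {
                print $4; found = 1; exit
            }
        }
        END { exit (found ? 0 : 1) }'
}

# diagnose <netstat-output> <ip> <port> <refused|timeout>
diagnose() {
    if _sock=$(listener_covers "$1" "$2" "$3"); then
        case "$4" in
            timeout) echo "listening on $_sock; packets are dropped: check host firewall and security group" ;;
            refused) echo "listening on $_sock; look for a firewall REJECT rule or a wrong target host" ;;
        esac
    else
        case "$4" in
            refused) echo "no listener covers $2:$3: check the service bind address" ;;
            timeout) echo "no listener covers $2:$3 and packets are dropped: fix the bind address, then the firewall" ;;
        esac
    fi
}

# The pound case above: bound to one address, tested against localhost.
diagnose "$SAMPLE_NETSTAT" 127.0.0.1 443 refused
```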