Pound stopped working after fedora update - ssl

I am using Fedora 20 and recently did a yum update. Now I can't get pound to work anymore. No real errors, but it just refuses the connection:
The following output was copied and pasted at different times, but the output is always the same except for PID and time.
[root@mymachine me]# wget --no-check-certificate --debug --verbose https://localhost
Setting --verbose (verbose) to 1
DEBUG output created by Wget 1.14 on linux-gnu.
URI encoding = ‘UTF-8’
--2014-11-06 11:59:53-- https://localhost/
Resolving localhost (localhost)... ::1, 127.0.0.1
Caching localhost => ::1 127.0.0.1
Connecting to localhost (localhost)|::1|:443... Closed fd 3
failed: Connection refused.
Connecting to localhost (localhost)|127.0.0.1|:443... Closed fd 3
failed: Connection refused.
Releasing 0x0000000001f33280 (new refcount 1).
[root@mymachine me]# service pound status
Redirecting to /bin/systemctl status pound.service
pound.service - Pound Reverse Proxy And Load-balancer
Loaded: loaded (/usr/lib/systemd/system/pound.service; enabled)
Active: active (running) since Thu 2014-11-06 11:30:12 EST; 6min ago
Process: 3019 ExecStart=/usr/sbin/pound (code=exited, status=0/SUCCESS)
Main PID: 3020 (pound)
CGroup: /system.slice/pound.service
├─3020 /usr/sbin/pound
└─3021 /usr/sbin/pound
Nov 06 11:30:12 mymachine systemd[1]: Starting Pound Reverse Proxy And Load-balancer...
Nov 06 11:30:12 mymachine pound[3019]: starting...
Nov 06 11:30:12 mymachine systemd[1]: PID file /var/run/pound.pid not readable (yet?) after start.
Nov 06 11:30:12 mymachine systemd[1]: Started Pound Reverse Proxy And Load-balancer.
[root@mymachine me]#
[root@mymachine me]# netstat -tulpn | grep pound
tcp 0 0 myip:443 0.0.0.0:* LISTEN 1379/pound
I can wget http://localhost:80 (varnish) and wget http://localhost:8080 (apache). I'm using a self-signed pem file that can be found (no errors there). Before, I would have the "get me out of here" and "I know what I'm doing" from the browser, but now it won't even connect with wget on localhost.
This is the /etc/pound.cfg:
User "pound"
Group "pound"
Control "/var/lib/pound/pound.cfg"
ListenHTTPS
    Address 128.199.217.77
    Port 443
    Cert "/var/www/html/test.pem"
    Service
        BackEnd
            Address localhost
            Port 80
        End
    End
End

It was an iptables problem. I added the rule to open port 443 with the iptables command; rules are not saved in any way when doing so. I used firewall-cmd instead:
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
firewall-cmd --list-services
When using wget you can't use localhost, as pound isn't listening there. The command should be:
[root@mymachine me]# wget --no-check-certificate --debug --verbose https://my.ip.address
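The "isn't listening there" check from the answer above, as an added example that is not part of the original post: it reads `netstat -tlnp` output and reports which program, if any, would accept a connection to a given address and port. The function name and the sample listing are constructed, and treating a `::` listener as also accepting IPv4 assumes the Linux default dual-stack setting.

```shell
#!/bin/sh
# Constructed sample of `netstat -tlnp` output (addresses are documentation
# placeholders, not taken from a real host).
SAMPLE_LISTENERS='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.0.2.10:443          0.0.0.0:*               LISTEN      1379/pound
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1102/varnishd
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      1200/httpd
tcp6       0      0 :::22                   :::*                    LISTEN      900/sshd'

# listener_for ADDR PORT   (hypothetical helper; reads the listing on stdin)
# Prints the PID/program that would accept a TCP connection to ADDR:PORT,
# or "none", in which case the client sees "Connection refused".
listener_for() {
    awk -v addr="$1" -v port="$2" '
        $6 == "LISTEN" {
            # The port is the text after the last colon (handles ":::22").
            n = split($4, part, ":")
            if (part[n] != port) next          # exact port match, so 80 never hits 8080
            laddr = substr($4, 1, length($4) - length(part[n]) - 1)
            # A listener accepts the connection if it is bound to that exact
            # address, to the IPv4 wildcard (IPv4 targets only), or to the
            # IPv6 wildcard (assumed dual-stack, so IPv4 targets too).
            if (laddr == addr || laddr == "::" || (laddr == "0.0.0.0" && addr !~ /:/)) {
                hit = $7
                exit
            }
        }
        END { print (hit == "" ? "none" : hit) }'
}

# On a live host: netstat -tlnp | listener_for 127.0.0.1 443
printf '%s\n' "$SAMPLE_LISTENERS" | listener_for 127.0.0.1 443
printf '%s\n' "$SAMPLE_LISTENERS" | listener_for 192.0.2.10 443
```

A result of "none" for the address you are testing, while the service address returns a program, points at the bind address rather than the firewall.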

Related

Failed to start The Apache HTTP Server on ubuntu 18.04

I am trying to create a web server on my Ubuntu 18.04, so I installed Apache2,
but I can't start it.
Here's what appeared when I ran the systemctl status apache2.service command:
apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: failed (Result: exit-code) since Sat 2020-02-22 13:58:09 CET; 34s ago
Process: 2791 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
Feb 22 13:58:09 moemen apachectl[2791]: AH00558: apache2: Could not reliably determine the server's
Feb 22 13:58:09 moemen apachectl[2791]: (98)Address already in use: AH00072: make_sock: could not b
Feb 22 13:58:09 moemen apachectl[2791]: (98)Address already in use: AH00072: make_sock: could not b
Feb 22 13:58:09 moemen apachectl[2791]: no listening sockets available, shutting down
Feb 22 13:58:09 moemen apachectl[2791]: AH00015: Unable to open logs
Feb 22 13:58:09 moemen apachectl[2791]: Action 'start' failed.
Feb 22 13:58:09 moemen apachectl[2791]: The Apache error log may have more information.
Feb 22 13:58:09 moemen systemd[1]: apache2.service: Control process exited, code=exited status=1
Feb 22 13:58:09 moemen systemd[1]: apache2.service: Failed with result 'exit-code'.
Feb 22 13:58:09 moemen systemd[1]: Failed to start The Apache HTTP Server.
I'm new at this, can you please help me?
I also faced same problem.
First check
$ sudo systemctl status nginx
If nginx is active then stop this with
$ sudo systemctl stop nginx
then again try to start apache2 server in different terminal.
first remove apache2
sudo apt-get --purge remove apache2
sudo apt-get autoremove
after that, if there are files (.conf) in /etc/sites-available, remove them using
rm example.com.conf
then install again
sudo apt-get install apache2
now it will be fixed
check it now
sudo ufw allow 'Apache'
sudo systemctl status apache2
Let me give a more general answer than the first 2. One possible problem with Apache is, when we try to run it, it may fail because port 80 is used by another software:
a common case is nginx which is covered by Devashish Mishra
in my case it was a server app that I deployed (in node.js, I had to tell pm2 to stop it)
in general, you may want to find what uses port 80. This may be done like Chi.C.J.Rajeeva Lochana has suggested: install netstat if you don't have it (sudo apt install net-tools), use it: sudo netstat -antup | grep 80. It will show some lines which may include :::80 or <your IP>:80 which will tell what is listening to the port
Once you've found what listens to the 80 port, you have to decide what to do with it. For instance, if that's nginx and you don't use it, you may go like Devashish Mishra has suggested: just stop it (sudo systemctl stop nginx). Likewise, you can stop or kill (sudo killall -9 program-name) other programs. However, if you need them, you'll also need to further configure Apache and rerun them (the exact steps highly depend on the case).
Please read this carefully.
Perform the following command, and if you see it is apache, then do the following below the command.
Note: You need to install the net-tools package before you could run netstat. Run sudo apt install net-tools to install it.
sudo netstat -antup | grep 80
You should check the line with something like <Your IP>:80.
Please note that this might also happen when you uninstall Apache when it is running.
The command could be:
sudo killall -9 program-name
Replace program-name with the program's name if the program running on port 80 is not stoppable. Let me know if it doesn't work.
Thanks.
I found this problem and was able to solve it by creating a folder /var/log/apache2, I checked in the /var/log/ folder, it turns out that there is no apache2 folder, just like in the case of mysql that won't start.
seen from your log that
Feb 22 13:58:09 moment apachectl[2791]: AH00015: Unable to open logs
maybe this will help
On your terminal.
Type: sudo /etc/init.d/apache2 stop
The response will be:
Stopping apache2 (via systemctl): apache2.service.
Now start the server:
sudo /opt/lampp/lampp start
If you installed lamp correctly this should work

Nagios CHECK_NRPE Could not complete SSL handshake

I checked all over, there are many answers to this issue, but none worked.
I am following this tutorial:
https://www.digitalocean.com/community/tutorials/how-to-install-nagios-4-and-monitor-your-servers-on-ubuntu-16-04
The Nagios host is ubuntu 16.04, the client is ubuntu 18.04
Nagios® Core™ 4.3.4
The Nagios server and web are running OK, I can see the localhost status is 'up' in the dashboard.
Something very weird: I installed NRPE 3.2.1 on both the host and the client, but for some reason on the host is 2.15
Host:
root@nagios-1:/tmp/nrpe-nrpe-3.2.1# /usr/local/nagios/libexec/check_nrpe -H 10.142.0.50
NRPE v2.15
Client:
$ /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
NRPE v3.2.1
Just to make sure, when running check_nrpe from client to server I am using the '-2' option to force v2 packets, but I am still getting the error.
I added the client ip to the nrpe.cnf (on server), and to be sure also the server ip to the client nrpe.cfg file.
I enabled debug to see the messages in the syslog. this is the response:
Dec 4 00:35:47 nagios-1 check_nrpe: Remote 10.142.0.50 accepted a Version 2 Packet
Dec 4 00:35:51 nagios-1 nrpe[9953]: Connection from 10.142.0.11 port 49889
Dec 4 00:35:51 nagios-1 nrpe[9953]: Host address is in allowed_hosts
Dec 4 00:35:51 nagios-1 nrpe[9953]: Handling the connection...
Dec 4 00:35:51 nagios-1 nrpe[9953]: Error: Could not complete SSL handshake. 1
Dec 4 00:35:51 nagios-1 nrpe[9953]: Connection from closed.
On the host, port 5666 is open and listening
# netstat -at | grep nrpe
tcp 0 0 *:nrpe *:* LISTEN
tcp6 0 0 [::]:nrpe [::]:* LISTEN
I compiled nrpe with --
I am not using xinetd. I use the daemon
# ps aux | grep nrpe
nagios 9866 0.0 0.1 23960 2680 ? Ss 00:35 0:00 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
Host nrpe conf file:
# grep -o '^[^#]*' /etc/nagios/nrpe.cfg
log_facility=daemon
pid_file=/var/run/nagios/nrpe.pid
server_port=5666
nrpe_user=nagios
nrpe_group=nagios
allowed_hosts=127.0.0.1, 10.142.0.50, 10.142.0.0/20,10.142.0.11
dont_blame_nrpe=1
allow_bash_command_substitution=0
debug=1
command_timeout=60
connection_timeout=300
command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
include=/etc/nagios/nrpe_local.cfg
include_dir=/etc/nagios/nrpe.d/
If you need more info let me know and I will add it.
I found the answer!
I had two versions of NRPE on the host. The daemon was running 2.15. I had to kill this version, and I manually ran the 3.2.1 version from its other location:
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -f
After that I was able to get a response in the client

Apache not starting LAMP

I have successfully started an AWS instance. I can connect with Putty and also
with WinSCP. I have ports 80 and 443 open and SSH port 22. I have installed LAMP successfully: Apache seems to start OK on the server:
[ec2-user ~]$ chkconfig --list httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
but when I enter the public DNS address in the browser it times out!
I also get this report from:
[ec2-user ~]$ ls -l /var/www
total 20
drwxrwsr-x 2 root www 4096 Mar 18 20:24 cgi-bin
drwxrwsr-x 3 root www 4096 Apr 16 21:41 error
drwxrwsr-x 2 root www 4096 Apr 16 22:32 html
drwxrwsr-x 3 root www 4096 Apr 16 21:41 icons
drwxrwsr-x 2 root www 4096 Apr 16 21:41 noindex
[ec2-user@ip-172-31-24-2 ~]$ ^C
[ec2-user@ip-172-31-24-2 ~]$
I'm totally new to this so any help much appreciated!
I'm using a Windows 7 machine and the AWS instance is linux.
Can you please send the output of "sudo netstat -nltp"? You also said 80 and 443 are open; these are opened via security groups, right?
The first thing to check when a browser times out is the Security Group. Do you have a rule in your instance's security group that will authorize traffic to TCP port 80 and/or TCP port 443?
If this is correct and SSH connectivity to the instance is OK too (it rules out networking issues), then I would check if your Apache server is actually running. Nothing from the command output shared in your question actually proves Apache is running. Type ps ax | grep http to verify whether the http daemon is running or not. Also type netstat -tnlp, as suggested in another reply, to verify the http process is actually listening on TCP port 80 or TCP port 443.
Seb

How to enable SSH on SLES 12?

I am trying to enable ssh connection to suse linux. I have sshd service running:
peeyush@linux-pohb:~/gccgo.work> systemctl status sshd.service
sshd.service - OpenSSH Daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
Active: active (running) since Thu 2015-03-19 18:36:05 IST; 3h 50min ago
Process: 5702 ExecStartPre=/usr/sbin/sshd-gen-keys-start (code=exited, status=0/SUCCESS)
Main PID: 6035 (sshd)
CGroup: /system.slice/sshd.service
└─6035 /usr/sbin/sshd -D
Mar 19 18:36:01 linux-pohb sshd-gen-keys-start[5702]: Checking for missing se...
Mar 19 18:36:05 linux-pohb sshd-gen-keys-start[5702]: ssh-keygen: generating ...
Mar 19 18:36:06 linux-pohb sshd[6035]: Server listening on 0.0.0.0 port 22.
Mar 19 18:36:06 linux-pohb sshd[6035]: Server listening on :: port 22.
Hint: Some lines were ellipsized, use -l to show in full.
It is listening on port 22 fine:
peeyush@linux-pohb:~/gccgo.work> netstat -an | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
But I am not able to connect to it.
[root@lep8a peeyush]# ssh root@192.168.122.19
ssh: connect to host 192.168.122.19 port 22: Connection timed out
My head is aching with finding solutions on internet. Nothing is working.
Could you guys please help me out?
Check if your firewall accepts incoming TCP connections on port 22:
# iptables -nL | grep 22
If the result is empty, you have to add a rule in your firewall.
Open Yast and firewall configuration:
# yast firewall
Go to "Allowed Services" and add "Secure Shell Server". Save and quit Yast and try to connect.
Comment: If you have disabled your firewall completely (not recommended) this answer does not apply.
Run this command:
systemctl enable sshd.service
Then make necessary changes in your /etc/ssh/sshd_config file, and start sshd via:
systemctl start sshd.service
I was dealing with the same problem in SUSE Linux Enterprise Server 15 x86-64. Within the system I was able to # ssh 127.0.0.1 (so the sshd service was working correctly), but from other nodes I got a "Timed out" message.
First, I checked the firewall rules (see answer from xloto):
# iptables -nL | grep 22
Resulted in an empty return message, so we need to set an additional rule.
To set the firewall rule for SSH's standard port 22, I followed another tutorial (as I do not have a GUI):
# firewall-cmd --permanent --add-service=ssh
# firewall-cmd --reload
It worked for my case, but I'm not sure whether this is best practice.

httpd Server not started: (13)Permission denied: make_sock: could not bind to address [::]:88

I am trying to start the httpd server on CentOS 6. It throws the following error:
[root@machine ~]# service httpd start
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:88
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:88
no listening sockets available, shutting down
Unable to open logs
[FAILED]
I have also checked for port 88. It is not in use.
I also checked with semanage, but it didn't help.
Any help will be appreciated.
I happened to run into this problem because of missing SELinux permissions. By default, SELinux only allowed apache/httpd to bind to the following ports:
80, 81, 443, 488, 8008, 8009, 8443, 9000
So binding to my httpd.conf-configured Listen 88 HTTP port and config.d/ssl.conf-configured Listen 8445 TLS/SSL port would fail with that default SELinux configuration.
To fix my problem, I had to add ports 88 and 8445 to my system's SELinux configuration:
Install semanage tools: sudo yum -y install policycoreutils-python
Allow port 88 for httpd: sudo semanage port -a -t http_port_t -p tcp 88
Allow port 8445 for httpd: sudo semanage port -a -t http_port_t -p tcp 8445
Seems like you are running it not as "root". Only root can bind to this port (80).
Check your configuration in the conf/httpd.conf file, Listen line and change the port to higher one.
This is an addition to the answer by Abdull somewhere in this thread:
I had to modify instead of adding a port
semanage port -m -t http_port_t -p tcp 5000
because I get this error on adding the port
ValueError: Port tcp/5000 already defined
At terminal run this command with root permission:
sudo /etc/init.d/apache2 start
You must be root for starting a webserver otherwise you would get similar error.
With my centos 6.7 installation, not only did I have the problem starting httpd with root but also with xauth (getting /usr/bin/xauth: timeout in locking authority file /.Xauthority with underlying permission denied errors)
# setenforce 0
Fixed both issues.
Disable SELinux
Disable SELinux temporarily
sudo setenforce 0
Restart httpd service
service httpd restart
Disable SELinux persistently (after reboot)
vi /etc/selinux/config
Add line and save
SELINUX=disabled
In my case, I tried to first use port 88 instead, and even then the httpd won't start.
I used the below command, i.e. modify instead of add, as suggested by one of users, and was able to run httpd.
semanage port -m -t http_port_t -p tcp 88
After disabling SELinux, any port is available.
sudo -s;
setenforce 0;
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config;
In Linux (CentOS 6 or higher) ports from 0 to 1024 are reserved for system use.
You can force the system to bind to any port lower than 1024 if you use root or a privileged user.
I installed Apache-2.4 from source with a non-root user and I solved this problem by allowing a port higher than 1024 (ex: 8080) and modified the http.conf file. I changed Listen 80 to Listen 8080.
I had similar error while trying to start httpd service for openstack train installation in RHEL 7.5 too.
-- Unit httpd.service has begun starting up.
Jan 31 10:11:16 controller httpd[1631]: (13)Permission denied: AH00072: make_sock: could not bind to address 10.0.0.11:5000
Jan 31 10:11:16 controller httpd[1631]: no listening sockets available, shutting down
Jan 31 10:11:16 controller httpd[1631]: AH00015: Unable to open logs
Jan 31 10:11:16 controller systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jan 31 10:11:16 controller kill[1632]: kill: cannot find process ""
Jan 31 10:11:16 controller systemd[1]: httpd.service: control process exited, code=exited status=1
Jan 31 10:11:16 controller systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
Solution: It got resolved by disabling SElinux.
I edited /etc/selinux/config, set SELINUX=disabled, then reboot; then it worked.
Alternately, you can run setenforce 0; you don't need reboot, but this is once used.
Just to add more info about this error, I had the similar error on CentOS 8.2:
sudo journalctl -xe
Error:
Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:8081
So, I used the commands from Abdull and Ulrich-Lorenz Schlüter as follows:
Install semanage tools for CentOS 8.2: sudo yum -y install policycoreutils-python-utils
(For more info: https://www.cyberciti.biz/faq/redhat-install-semanage-selinux-command-rpm )
Allow port 8081 for httpd: sudo semanage port -a -t http_port_t -p tcp 8081
I got the following output: ValueError: Port tcp/8081 already defined
So, I ran:
sudo semanage port -m -t http_port_t -p tcp 8081
As Ulrich-Lorenz Schlüter mentioned.
Then: sudo systemctl start httpd
Now it is working fine.
The actual solution here is to modify the existing port if it exists. For instance, when:
semanage port -a -t http_port_t -p tcp 88
ends up with:
ValueError: Port tcp/88 already defined
then it's very likely the port has a different type, and to modify it, simply use:
semanage port -m -t http_port_t -p tcp 88
and then, you need to open that port via firewall-cmd if it has been closed in your zone.
Also: disabling SELinux is a potential security vulnerability, don't do this on production instances!
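The add-versus-modify decision described in the answers above, as an added example that is not part of the original posts: it reads `semanage port -l` output and prints the `semanage` command to run, so the port can be allowed while SELinux stays enforcing. The function names and the sample listing are constructed, and matching only exact port entries (a range that merely contains the port does not count as "already defined") is an assumption.

```shell
#!/bin/sh
# Constructed sample of `semanage port -l` output (not captured from a real host).
SAMPLE_PORTS='SELinux Port Type              Proto    Port Number

commplex_main_port_t           tcp      5000
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
kerberos_port_t                tcp      88, 750, 4444
kerberos_port_t                udp      88, 750, 4444
unreserved_port_t              tcp      61001-65535, 1024-32767'

# port_action WANT_TYPE PROTO PORT   (hypothetical helper; listing on stdin)
# Prints "ok" if PORT is already labelled WANT_TYPE, "modify <type>" if the
# exact port is defined under another type (where -a fails with
# "already defined"), or "add" if no exact entry exists.
port_action() {
    awk -v want="$1" -v proto="$2" -v port="$3" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                p = $i
                sub(/,$/, "", p)               # strip the list separator
                if (p == port) {
                    if ($1 == want) have = 1
                    else other = $1
                }
            }
        }
        END {
            # After a -m the port is listed under both types, so "have" wins.
            if (have) print "ok"
            else if (other != "") print "modify " other
            else print "add"
        }'
}

# semanage_cmd WANT_TYPE PROTO PORT   (hypothetical helper; listing on stdin)
# Prints the command to run, or nothing when no change is needed.
semanage_cmd() {
    case "$(port_action "$1" "$2" "$3")" in
        ok)      ;;
        modify*) echo "semanage port -m -t $1 -p $2 $3" ;;
        add)     echo "semanage port -a -t $1 -p $2 $3" ;;
    esac
}

# On a live host: semanage port -l | semanage_cmd http_port_t tcp 88
printf '%s\n' "$SAMPLE_PORTS" | semanage_cmd http_port_t tcp 88
printf '%s\n' "$SAMPLE_PORTS" | semanage_cmd http_port_t tcp 8445
```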
Start with root user or with sudo, it works fine, here is sample output:
[ec2-user@ip-172-31-12-164 ~]$ service httpd start
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:80
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
**[FAILED]**
[ec2-user@ip-172-31-12-164 ~]$ sudo service httpd start
Starting httpd: [ OK ]
[ec2-user@ip-172-31-12-164 ~]$ sudo service httpd status
httpd (pid 3077) is running...
First kill all the hanged instances of httpd, and then try restarting Apache:
service httpd restart