I was not able to use port 8080 because it was apparently already used.
In order to see which program was using it, I typed the following command in my terminal (on MacOS):
sudo lsof -n -i :8080
Here's the result:
httpd is also listening on port 80, which I found out by using the following command:
sudo lsof -n -i :80 | grep LISTEN
Here's the result:
So I went to find out what this "httpd"-process was. Apparently it is basically the web server installed on my machine. The web server installed on my machine is Apache2.
Given this fact I concluded that Apache2 was apparently configured to listen on port 80 AND on port 8080.
BUT: Here's the crazy thing: I went to the folder /etc/apache2 and opened the file "httpd.conf". In the file Apache is configured to listen on port 80 only !!!
Why the hell is it also listening on port 8080 ?!
How can I make it listen on port 80 only ?
I'm trying to set up a CouchDB 2.0 instance up on my CentOS 7 server.
I've got it installed and running as a systemd service and it responses with its friendly hello world message when I access it from the server using 127.0.0.1 or 0.0.0.0
$ curl 127.0.0.1:5984
{"couchdb":"Welcome","version":"2.0.0","vendor":{"name":"The Apache Software Foundation"}}
$ curl 0.0.0.0:5984
{"couchdb":"Welcome","version":"2.0.0","vendor":{"name":"The Apache Software Foundation"}}
in my local.ini file I've configed the bind_address to 0.0.0.0
[httpd]
bind_address = 0.0.0.0
My understanding was that if I had this bind address I could connect to port 5984 from any ip address open in my firewall
I'm using firewalld for my firewall and I've configured it to open port 5984
This config is confirmed by listing the configuration of the public zone:
$ sudo firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: couchdb2 dhcpv6-client http https ssh
ports: 443/tcp 5984/tcp
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
I've also created a service called couchdb2 at /etc/firewalld/services/couchdb2.xml with XML:
<service>
<short>couchdb2</short>
<description>CouchDB 2.0 Instance</description>
<port protocol="tcp" port="5984"/>
</service>
From what I know about firewalld I should be able to receive connection on 5984 now
but when I curl from my laptop my connection is refused:
$ curl my-server:5984 --verbose
* Rebuilt URL to: my-server:5984/
* Trying <my-ip>...
* connect to <my-ip> port 5984 failed: Connection refused
* Failed to connect to my-server port 5984: Connection refused
* Closing connection 0
When I connect to the couchdb instance locally via either 127.0.0.1 or 0.0.0.0 I can see the 200 response in my couchdb log:
$ sudo journalctl -u couchdb2
...
[notice] 2017-06-06T00:35:01.159244Z couchdb#localhost <0.3328.0> 222d655c69 0.0.0.0:5984 127.0.0.1 undefined GET / 200 ok 28
[notice] 2017-06-06T00:37:21.819298Z couchdb#localhost <0.5598.0> 2f8986d14b 127.0.0.1:5984 127.0.0.1 undefined GET / 200 ok 1
But when I curled from my laptop nothing shows up in the couchdb log for the Connection Refused error
This suggests to me that the problem may be the firewall and not CouchDB but I'm not sure about that.
Is Connection Refused always the firewall? Would I be getting some other error if this where the CouchDB instance having a problem?
To the best of my knowledge both CouchDB and firewalld are configured correctly, but its not working like I expected.
Any help would be appreciated, whether you know the problem or whether you can just help me discern if the problem is related to CouchDB or firewalld.
I am trying to enable ssh connection to suse linux. I have sshd service running:
peeyush#linux-pohb:~/gccgo.work> systemctl status sshd.service
sshd.service - OpenSSH Daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
Active: active (running) since Thu 2015-03-19 18:36:05 IST; 3h 50min ago
Process: 5702 ExecStartPre=/usr/sbin/sshd-gen-keys-start (code=exited, status=0/SUCCESS)
Main PID: 6035 (sshd)
CGroup: /system.slice/sshd.service
└─6035 /usr/sbin/sshd -D
Mar 19 18:36:01 linux-pohb sshd-gen-keys-start[5702]: Checking for missing se...
Mar 19 18:36:05 linux-pohb sshd-gen-keys-start[5702]: ssh-keygen: generating ...
Mar 19 18:36:06 linux-pohb sshd[6035]: Server listening on 0.0.0.0 port 22.
Mar 19 18:36:06 linux-pohb sshd[6035]: Server listening on :: port 22.
Hint: Some lines were ellipsized, use -l to show in full.
It is listening on port 22 fine:
peeyush#linux-pohb:~/gccgo.work> netstat -an | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
But I am not able to connect to it.
[root#lep8a peeyush]# ssh root#192.168.122.19
ssh: connect to host 192.168.122.19 port 22: Connection timed out
My head is aching with finding solutions on internet. Nothing is working.
Could you guys please help me out?
Check if your firewall accepts incoming TCP connections on port 22:
# iptables -nL | grep 22
If the result is empty, you have to add a rule in your firewall.
Open Yast and firewall configuration:
# yast firewall
Goto "Allowed Services" and add "Secure Shell Server". Save and quit Yast and try to connect.
Comment: If you have disabled your firewall completly (not recommended) this answer does not apply.
Run this command:
systemctl enable sshd.service
Then make necessary changes in your /etc/ssh/sshd_config file, and start sshd via:
systemctl start sshd.service
I was dealing with the same problem in SUSE Linux Enterprise Server 15 x86-64. Within the system I was able to # ssh 127.0.0.1 (so the sshd service was working correctly), but from other nodes I got a "Timed out" message.
First, I checked the firewall rules (see answer from xloto):
# iptables -nL | grep 22
Resulted in an empty return message, so we need to set an additional rule.
To set the the firewall rule for SSH's standard port 22, I followed another tutorial (as I do not have a GUI):
# firewall-cmd --permanent --add-service=ssh
# firewall-cmd --reload
It worked for my case, but I'm not sure whether this is best practice.
I am trying to start httpd server on centos 6. It throws following error :
[root#machine ~]# service httpd start
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:88
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:88
no listening sockets available, shutting down
Unable to open logs
[FAILED]
I have also checked for port 88, It is not is use.
I also checked with semanage, but it didn't help.
Any help will be appreciated.
I happened to run into this problem because of missing SELinux permissions. By default, SELinux only allowed apache/httpd to bind to the following ports:
80, 81, 443, 488, 8008, 8009, 8443, 9000
So binding to my httpd.conf-configured Listen 88 HTTP port and config.d/ssl.conf-configured Listen 8445 TLS/SSL port would fail with that default SELinux configuration.
To fix my problem, I had to add ports 88 and 8445 to my system's SELinux configuration:
Install semanage tools: sudo yum -y install policycoreutils-python
Allow port 88 for httpd: sudo semanage port -a -t http_port_t -p tcp 88
Allow port 8445 for httpd: sudo semanage port -a -t http_port_t -p tcp 8445
Seems like you are running it not as "root". Only root can bind to this port (80).
Check your configuration in the conf/httpd.conf file, Listen line and change the port to higher one.
This is an addition to the answer by Abdull somewhere in this thread:
I had to modify instead of adding a port
semanage port -m -t http_port_t -p tcp 5000
because I get this error on adding the port
ValueError: Port tcp/5000 already defined
At terminal run this command with root permission:
sudo /etc/init.d/apache2 start
You must be root for starting a webserver otherwise you would get similar error.
With my centos 6.7 installation, not only did I have the problem starting httpd with root but also with xauth (getting /usr/bin/xauth: timeout in locking authority file /.Xauthority with underlying permission denied errors)
# setenforce 0
Fixed both issues.
Disable SELinux
Disable SELinux temporarily
sudo setenforce 0
Restart httpd service
service httpd restart
Disable SELinux persistently (after reboot)
vi /etc/selinux/config
Add line and save
SELINUX=disabled
In my case, I tried to first use port 88 instead, and even then the httpd won't start.
I used the below command, i.e. modify instead of add, as suggested by one of users, and was able to run httpd.
semanage port -a -t http_port_t -p tcp 88
after disable SELINUX, any port is aviable.
sudo -s;
setenforce 0;
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config;
In Linux(Centos 6 or higher) ports from 0 to 1024 are reserved for system use.
you can force the system to bind to address any port lower than 1024 if you use root or privileged user.
I installed Apache-2.4 from source with non-root user and I solved this problem by allowing port higher than 1024(ex:8080) and modified http.conf file. chang Listen 80 to Listen 8080
I had similar error while trying to start httpd service for openstack train installation in RHEL 7.5 too.
-- Unit httpd.service has begun starting up.
Jan 31 10:11:16 controller httpd[1631]: (13)Permission denied: AH00072: make_sock: could not bind to address 10.0.0.11:5000
Jan 31 10:11:16 controller httpd[1631]: no listening sockets available, shutting down
Jan 31 10:11:16 controller httpd[1631]: AH00015: Unable to open logs
Jan 31 10:11:16 controller systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jan 31 10:11:16 controller kill[1632]: kill: cannot find process ""
Jan 31 10:11:16 controller systemd[1]: httpd.service: control process exited, code=exited status=1
Jan 31 10:11:16 controller systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
Solution: It got resolved by disabling SElinux.
I edited /etc/selinux/config, set SELINUX=disabled, then reboot; then it worked.
Alternately, you can run setenforce 0; you don't need reboot, but this is once used.
Just to add more info about this error, I had the similar error on CentOS 8.2:
sudo journalctl -xe
Error:
Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:8081
So, I used the commands from Abdull and Ulrich-Lorenz Schlüter as a follow:
Install semanage tools for CentOS 8.2: sudo yum -y install policycoreutils-python-utils
(For more info: https://www.cyberciti.biz/faq/redhat-install-semanage-selinux-command-rpm )
Allow port 8081 for httpd: sudo semanage port -a -t http_port_t -p tcp 8081
I got the following output: ValueError: Port tcp/8081 already defined
So, I ran:
sudo semanage port -m -t http_port_t -p tcp 8081
As Ulrich-Lorenz Schlüter mentioned.
Then: sudo systemctl start httpd
Now it is working fine.
The actual solution here is to modify the existing port if it exists. For instance, when:
semanage port -a -t http_port_t -p tcp 88
ends up with:
ValueError: Port tcp/88 already defined
then it's very likely the port is having a different type, and to modify it, simply use:
semanage port -m -t http_port_t -p tcp 88
and then, you need to open that port via firewall-cmd if has been closed in your zone.
Also: disabling SELinux is a potential security vulnerability, don't do this on production instances!
Start with root user or with sudo, it works fine, here is sample output:
[ec2-user#ip-172-31-12-164 ~]$ service httpd start
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:80
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
**[FAILED]**
[ec2-user#ip-172-31-12-164 ~]$ sudo service httpd start
Starting httpd: [ OK ]
[ec2-user#ip-172-31-12-164 ~]$ sudo service httpd status
httpd (pid 3077) is running...
First kill all the hanged instances of httpd, and then try restarting Apache:
service httpd restart
I have done "semanage port -a -t http_port_t -p tcp 81" and modified httpd.conf to listen on port 81. After restart httpd service it is not working. but it is working with default port 80. I have checked my SeLinux and it is in fact disabled. Can some one get me out of it?
Any chance you have iptables blocking port 81?
iptables -L