Changing SSL to a port other than port 443 makes Keyhelp inaccessible

Locked
User avatar
Faruqa97
Posts: 11
Joined: Sat 20. Jun 2020, 01:38

Changing SSL to a port other than port 443 makes Keyhelp inaccessible

Post by Faruqa97 »

I was trying to configure Nginx as a reverse proxy for apache, so, far, I got it working with HTTP and HTTPS, the only issue I have is keyhelp was inaccessible after changing the SSL Port to something other than port 443.

Here is my Nginx config:

Code: Select all

## thisismywebsite
server {
    listen         *:443 ssl;
#    return         301 https://thisismywebsite.fun$request_uri;
    ssl_certificate /etc/ssl/keyhelp/letsencrypt/myusername/thisismywebsite.fun/cert.pem;
    ssl_certificate_key /etc/ssl/keyhelp/letsencrypt/myusername/thisismywebsite.fun/private.pem;
    server_name thisismywebsite.fun;
    root /home/users/myusername/www/thisismywebsite/;

    access_log  /var/log/nginx/thisismywebsite.access.log;


    # Static contents
    location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
        expires max;
    }

    # Dynamic content, forward to Apache
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8080;
	}
}
The error that appeared in the panel:
https://prnt.sc/t9zsgw

To fix this, I'll change the keyhelp and ports.conf port to the default, this would fix the panel, but Nginx won't be able to serve as a reverse proxy for SSL contents, any fix for this?

This is currently the issue holding me back from using this wonderful panel, would be glad if someone could point me to the right direction.
User avatar
Florian
Keyweb AG
Posts: 1243
Joined: Wed 20. Jan 2016, 02:28

Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible

Post by Florian »

Hello,

did you change the ports for Apache in Keyhelp under Configuration -> Web Server?
Mit freundlichen Grüßen / Best regards
Florian Cheno

**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
User avatar
Faruqa97
Posts: 11
Joined: Sat 20. Jun 2020, 01:38

Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible

Post by Faruqa97 »

Florian wrote: Wed 1. Jul 2020, 21:51 Hello,

did you change the ports for Apache in Keyhelp under Configuration -> Web Server?
Yeah, I changed it, so as not to cause conflict with the Nginx port.
User avatar
Florian
Keyweb AG
Posts: 1243
Joined: Wed 20. Jan 2016, 02:28

Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible

Post by Florian »

Hello,

then you should check the corresponding logfiles of Nginx and Apache.

Also check via netstat that the services are running on the port you configured
Mit freundlichen Grüßen / Best regards
Florian Cheno

**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
User avatar
Faruqa97
Posts: 11
Joined: Sat 20. Jun 2020, 01:38

Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible

Post by Faruqa97 »

Florian wrote: Thu 2. Jul 2020, 10:05 Hello,

then you should check the corresponding logfiles of Nginx and Apache.
Thanks for helping out Florian, I have checked the log files, and it seems Apache couldn't bind to the port I set in the Keyhelp panel, here is the log:

Code: Select all

(98)Address already in use: AH00072: make_sock: could not bind to address [::]:4443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:4443
[Wed Jul 01 18:53:04.923710 2020] [mpm_worker:alert] [pid 13178:tid 140363518901184] no listening sockets available, sh$
[Wed Jul 01 18:53:04.923721 2020] [:emerg] [pid 13178:tid 140363518901184] AH00019: Unable to open logs, exiting
[Wed Jul 01 18:55:01.513288 2020] [ssl:warn] [pid 28559:tid 140663178759104] AH01909: webmail:443:0 server certificate $
[Wed Jul 01 18:55:01.513427 2020] [ssl:error] [pid 28559:tid 140663178759104] AH02217: ssl_stapling_init_cert: can't re$
[Wed Jul 01 18:55:01.513434 2020] [ssl:error] [pid 28559:tid 140663178759104] AH02604: Unable to configure certificate $
[Wed Jul 01 18:55:01.514781 2020] [suexec:notice] [pid 28559:tid 140663178759104] AH01232: suEXEC mechanism enabled (wr$
[Wed Jul 01 18:55:01.531144 2020] [ssl:warn] [pid 28560:tid 140663178759104] AH01909: webmail:443:0 server certificate $
[Wed Jul 01 18:55:01.531264 2020] [ssl:error] [pid 28560:tid 140663178759104] AH02217: ssl_stapling_init_cert: can't re$
[Wed Jul 01 18:55:01.531281 2020] [ssl:error] [pid 28560:tid 140663178759104] AH02604: Unable to configure certificate $
[Wed Jul 01 18:55:01.532782 2020] [core:warn] [pid 28560:tid 140663178759104] AH00098: pid file /var/run/apache2/apache$
[Wed Jul 01 18:55:01.533522 2020] [mpm_worker:notice] [pid 28560:tid 140663178759104] AH00292: Apache/2.4.29 (Ubuntu) m$
[Wed Jul 01 18:55:01.533541 2020] [core:notice] [pid 28560:tid 140663178759104] AH00094: Command line: '/usr/sbin/apach$
This is like the 4th time I am trying this, even without using a reverse proxy, once I change the SSL port of apache, the panel becomes inaccessible
User avatar
Florian
Keyweb AG
Posts: 1243
Joined: Wed 20. Jan 2016, 02:28

Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible

Post by Florian »

Hallo,

check if something is running on port 4443, other process or zombie process so that it is blocked.
Mit freundlichen Grüßen / Best regards
Florian Cheno

**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
User avatar
Faruqa97
Posts: 11
Joined: Sat 20. Jun 2020, 01:38

Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible

Post by Faruqa97 »

I just tried on a fresh Ubuntu O.S, and I still have the same issue.

When I check the service using the port 4443, I got this:

Code: Select all

user@panel: sudo lsof -i:4443
COMMAND  PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
apache2 6154     root    6u  IPv6  49126      0t0  TCP *:4443 (LISTEN)
apache2 6156 www-data    6u  IPv6  49126      0t0  TCP *:4443 (LISTEN)
apache2 6157 www-data    6u  IPv6  49126      0t0  TCP *:4443 (LISTEN)
apache2 6196 www-data    6u  IPv6  49126      0t0  TCP *:4443 (LISTEN)
I also checked if port 443 is the one causing the conflict with lsof -i :443, it didn't return anything, but immediately I edited the files to listen to port 443, it worked, which isn't what I want.

Have you tried this for yourself?
User avatar
Alexander
Keyweb AG
Posts: 3810
Joined: Wed 20. Jan 2016, 02:23

Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible

Post by Alexander »

Yes it is working, tested on Ubuntu 18 some seconds ago.

KeyHelp does nothing more than writing all vhosts with the ports specified on "Configuration" -> "Webserver", and updates the ports.conf.

If there is anything other blocking this port, like an other service this is out of scope of this function. Have you checked an other port?
Mit freundlichen Grüßen / Best regards
Alexander Mahr

**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
User avatar
Faruqa97
Posts: 11
Joined: Sat 20. Jun 2020, 01:38

Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible

Post by Faruqa97 »

Alexander wrote: Mon 6. Jul 2020, 12:44 KeyHelp does nothing more than writing all vhosts with the ports specified on "Configuration" -> "Webserver", and updates the ports.conf.

If there is anything other blocking this port, like an other service this is out of scope of this function. Have you checked an other port?
Yeah, I have checked other ports, and reverse proxy works without using keyhelp. Check out the video I recorded below, I can change the Http port without any issue, but I can't change the Https port (this is a new server I just deployed):
https://streamable.com/ec5nta
User avatar
Tobi
Community Moderator
Posts: 2812
Joined: Thu 5. Jan 2017, 13:24

Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible

Post by Tobi »

Why do you restart Apache manually?
Normally KeyHelp does this job.
Gruß,
Tobi


-----------------------------
wewoco.de
Das Forum für Reseller, Digital-Agenturen, Bildschirmarbeiter und Mäuseschubser
User avatar
Faruqa97
Posts: 11
Joined: Sat 20. Jun 2020, 01:38

Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible

Post by Faruqa97 »

Tobi wrote: Wed 8. Jul 2020, 08:00 Why do you restart Apache manually?
Normally KeyHelp does this job.
Could restarting manually be the problem? I guess not!
User avatar
joestr
Posts: 18
Joined: Thu 25. Apr 2019, 21:55

Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible

Post by joestr »

Faruqa97 wrote: Wed 8. Jul 2020, 04:07
Alexander wrote: Mon 6. Jul 2020, 12:44 KeyHelp does nothing more than writing all vhosts with the ports specified on "Configuration" -> "Webserver", and updates the ports.conf.

If there is anything other blocking this port, like an other service this is out of scope of this function. Have you checked an other port?
Yeah, I have checked other ports, and reverse proxy works without using keyhelp. Check out the video I recorded below, I can change the Http port without any issue, but I can't change the Https port (this is a new server I just deployed):
https://streamable.com/ec5nta
Unfortunately, the URL is not shown in the video. Did it change to https://keyhelp.example.com:4040/?
User avatar
Faruqa97
Posts: 11
Joined: Sat 20. Jun 2020, 01:38

Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible

Post by Faruqa97 »


Unfortunately, the URL is not shown in the video. Did it change to https://keyhelp.example.com:4040/?
I don't think so, but, I'll retry to see if it does.
Locked