Page 1 of 1
Changing SSL to a port other than port 443 makes Keyhelp inaccessible
Posted: Wed 1. Jul 2020, 21:09
by Faruqa97
I was trying to configure Nginx as a reverse proxy for apache, so, far, I got it working with HTTP and HTTPS, the only issue I have is keyhelp was inaccessible after changing the SSL Port to something other than port 443.
Here is my Nginx config:
Code: Select all
## thisismywebsite
server {
listen *:443 ssl;
# return 301 https://thisismywebsite.fun$request_uri;
ssl_certificate /etc/ssl/keyhelp/letsencrypt/myusername/thisismywebsite.fun/cert.pem;
ssl_certificate_key /etc/ssl/keyhelp/letsencrypt/myusername/thisismywebsite.fun/private.pem;
server_name thisismywebsite.fun;
root /home/users/myusername/www/thisismywebsite/;
access_log /var/log/nginx/thisismywebsite.access.log;
# Static contents
location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
expires max;
}
# Dynamic content, forward to Apache
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}
}
The error that appeared in the panel:
https://prnt.sc/t9zsgw
To fix this, I'll change the keyhelp and ports.conf port to the default, this would fix the panel, but Nginx won't be able to serve as a reverse proxy for SSL contents, any fix for this?
This is currently the issue holding me back from using this wonderful panel, would be glad if someone could point me to the right direction.
Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible
Posted: Wed 1. Jul 2020, 21:51
by Florian
Hello,
did you change the ports for Apache in Keyhelp under Configuration -> Web Server?
Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible
Posted: Wed 1. Jul 2020, 23:22
by Faruqa97
Florian wrote: ↑Wed 1. Jul 2020, 21:51
Hello,
did you change the ports for Apache in Keyhelp under Configuration -> Web Server?
Yeah, I changed it, so as not to cause conflict with the Nginx port.
Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible
Posted: Thu 2. Jul 2020, 10:05
by Florian
Hello,
then you should check the corresponding logfiles of Nginx and Apache.
Also check via netstat that the services are running on the port you configured
Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible
Posted: Thu 2. Jul 2020, 18:43
by Faruqa97
Florian wrote: ↑Thu 2. Jul 2020, 10:05
Hello,
then you should check the corresponding logfiles of Nginx and Apache.
Thanks for helping out Florian, I have checked the log files, and it seems Apache couldn't bind to the port I set in the Keyhelp panel, here is the log:
Code: Select all
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:4443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:4443
[Wed Jul 01 18:53:04.923710 2020] [mpm_worker:alert] [pid 13178:tid 140363518901184] no listening sockets available, sh$
[Wed Jul 01 18:53:04.923721 2020] [:emerg] [pid 13178:tid 140363518901184] AH00019: Unable to open logs, exiting
[Wed Jul 01 18:55:01.513288 2020] [ssl:warn] [pid 28559:tid 140663178759104] AH01909: webmail:443:0 server certificate $
[Wed Jul 01 18:55:01.513427 2020] [ssl:error] [pid 28559:tid 140663178759104] AH02217: ssl_stapling_init_cert: can't re$
[Wed Jul 01 18:55:01.513434 2020] [ssl:error] [pid 28559:tid 140663178759104] AH02604: Unable to configure certificate $
[Wed Jul 01 18:55:01.514781 2020] [suexec:notice] [pid 28559:tid 140663178759104] AH01232: suEXEC mechanism enabled (wr$
[Wed Jul 01 18:55:01.531144 2020] [ssl:warn] [pid 28560:tid 140663178759104] AH01909: webmail:443:0 server certificate $
[Wed Jul 01 18:55:01.531264 2020] [ssl:error] [pid 28560:tid 140663178759104] AH02217: ssl_stapling_init_cert: can't re$
[Wed Jul 01 18:55:01.531281 2020] [ssl:error] [pid 28560:tid 140663178759104] AH02604: Unable to configure certificate $
[Wed Jul 01 18:55:01.532782 2020] [core:warn] [pid 28560:tid 140663178759104] AH00098: pid file /var/run/apache2/apache$
[Wed Jul 01 18:55:01.533522 2020] [mpm_worker:notice] [pid 28560:tid 140663178759104] AH00292: Apache/2.4.29 (Ubuntu) m$
[Wed Jul 01 18:55:01.533541 2020] [core:notice] [pid 28560:tid 140663178759104] AH00094: Command line: '/usr/sbin/apach$
This is like the 4th time I am trying this, even without using a reverse proxy, once I change the SSL port of apache, the panel becomes inaccessible
Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible
Posted: Fri 3. Jul 2020, 09:45
by Florian
Hallo,
check if something is running on port 4443, other process or zombie process so that it is blocked.
Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible
Posted: Fri 3. Jul 2020, 18:01
by Faruqa97
I just tried on a fresh Ubuntu O.S, and I still have the same issue.
When I check the service using the port 4443, I got this:
Code: Select all
user@panel: sudo lsof -i:4443
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 6154 root 6u IPv6 49126 0t0 TCP *:4443 (LISTEN)
apache2 6156 www-data 6u IPv6 49126 0t0 TCP *:4443 (LISTEN)
apache2 6157 www-data 6u IPv6 49126 0t0 TCP *:4443 (LISTEN)
apache2 6196 www-data 6u IPv6 49126 0t0 TCP *:4443 (LISTEN)
I also checked if port 443 is the one causing the conflict with lsof -i :443, it didn't return anything, but immediately I edited the files to listen to port 443, it worked, which isn't what I want.
Have you tried this for yourself?
Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible
Posted: Mon 6. Jul 2020, 12:44
by Alexander
Yes it is working, tested on Ubuntu 18 some seconds ago.
KeyHelp does nothing more than writing all vhosts with the ports specified on "Configuration" -> "Webserver", and updates the ports.conf.
If there is anything other blocking this port, like an other service this is out of scope of this function. Have you checked an other port?
Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible
Posted: Wed 8. Jul 2020, 04:07
by Faruqa97
Alexander wrote: ↑Mon 6. Jul 2020, 12:44
KeyHelp does nothing more than writing all vhosts with the ports specified on "Configuration" -> "Webserver", and updates the ports.conf.
If there is anything other blocking this port, like an other service this is out of scope of this function. Have you checked an other port?
Yeah, I have checked other ports, and reverse proxy works without using keyhelp. Check out the video I recorded below, I can change the Http port without any issue, but I can't change the Https port (this is a new server I just deployed):
https://streamable.com/ec5nta
Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible
Posted: Wed 8. Jul 2020, 08:00
by Tobi
Why do you restart Apache manually?
Normally KeyHelp does this job.
Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible
Posted: Wed 8. Jul 2020, 21:54
by Faruqa97
Tobi wrote: ↑Wed 8. Jul 2020, 08:00
Why do you restart Apache manually?
Normally KeyHelp does this job.
Could restarting manually be the problem? I guess not!
Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible
Posted: Mon 27. Jul 2020, 20:16
by joestr
Faruqa97 wrote: ↑Wed 8. Jul 2020, 04:07
Alexander wrote: ↑Mon 6. Jul 2020, 12:44
KeyHelp does nothing more than writing all vhosts with the ports specified on "Configuration" -> "Webserver", and updates the ports.conf.
If there is anything other blocking this port, like an other service this is out of scope of this function. Have you checked an other port?
Yeah, I have checked other ports, and reverse proxy works without using keyhelp. Check out the video I recorded below, I can change the Http port without any issue, but I can't change the Https port (this is a new server I just deployed):
https://streamable.com/ec5nta
Unfortunately, the URL is not shown in the video. Did it change to
https://keyhelp.example.com:4040/?
Re: Changing SSL to a port other than port 443 makes Keyhelp inaccessible
Posted: Wed 29. Jul 2020, 16:57
by Faruqa97
I don't think so, but, I'll retry to see if it does.