I am trying to allow connections to a Mac running nginx on port 8080. I have tried to use the UI for setting the firewall. I also tried to use the terminal, but nothing worked.
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /usr/local/Cellar/nginx/1.8.0/bin/nginx
Everything works fine when I turn off the firewall.
Starting normally in daemon mode does not seem to bind nginx to the firewall
$ sudo nginx
Starting in non-daemon mode does bind to the firewall and MacOS would prompt you to add/deny the firewall rule.
$ sudo nginx -g "daemon off;"
You can also debug the firewall log file while your external connections try to connect to nginx
$ sudo tail -f /var/log/appfirewall.log
You'll want to see both LISTEN and CONNECT in the log:
Jun 21 17:11:17 MacBook socketfilterfw[1645] <Info>: nginx: Allow TCP LISTEN (in:0 out:4)
Jun 21 17:11:17 MacBook socketfilterfw[1645] <Info>: nginx: Allow TCP CONNECT (in:1 out:0)
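The log check described above, as an added example that is not part of the original answer: it reads appfirewall.log lines on stdin and reports which TCP events socketfilterfw allowed for a given process. The function names and the httpd sample line are constructed for illustration; the two nginx lines are the ones quoted above.

```shell
# Constructed sample: the two nginx lines from the answer plus one
# made-up httpd line for a process that only ever reached LISTEN.
SAMPLE_LOG='Jun 21 17:11:17 MacBook socketfilterfw[1645] <Info>: nginx: Allow TCP LISTEN (in:0 out:4)
Jun 21 17:11:17 MacBook socketfilterfw[1645] <Info>: nginx: Allow TCP CONNECT (in:1 out:0)
Jun 21 17:12:02 MacBook socketfilterfw[1645] <Info>: httpd: Allow TCP LISTEN (in:0 out:1)'

# fw_events PROCESS: read log lines on stdin, print the allowed TCP
# events seen for PROCESS in a fixed order ("CONNECT LISTEN").
fw_events() {
  awk -v proc="$1" '
    /socketfilterfw\[[0-9]+\]/ {
      for (i = 1; i <= NF; i++)
        if ($i == proc ":" && $(i+1) == "Allow" && $(i+2) == "TCP")
          seen[$(i+3)] = 1
    }
    END {
      out = ""
      if (seen["CONNECT"]) out = "CONNECT"
      if (seen["LISTEN"])  out = (out ? out " " : "") "LISTEN"
      print out
    }'
}

# fw_reachable PROCESS: succeed only if both LISTEN and CONNECT were allowed.
fw_reachable() {
  [ "$(fw_events "$1")" = "CONNECT LISTEN" ]
}

# Demo on the constructed sample; on a real Mac, pipe in
# /var/log/appfirewall.log instead.
printf '%s\n' "$SAMPLE_LOG" | fw_events nginx   # prints: CONNECT LISTEN
```

A process that shows LISTEN but never CONNECT has bound its socket, but no allowed inbound connection has been logged for it.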
If you are using nginx from brew, just run nginx with the sudo param:
$ sudo brew services start nginx
Then the firewall asks you to allow incoming connections.
Note: if you run the same command without sudo, the firewall does not allow the connection.
I'm running an Ubuntu VM with multipass hyperkit to run microk8s. Within the VM all things check out and are available with skaffold/kubectl port forwarding. For instance:
$ multipass list
Name          State     IPv4            Image
microk8s-vm   Running   192.168.64.2    Ubuntu 20.04 LTS
                        10.0.1.1
                        172.17.0.1
                        10.1.254.64
Port forwarding service/my-app in namespace default, remote port 80 -> 127.0.0.1:4503
Within the VM: curl localhost:4503
From the host: curl 192.168.64.2:4503
I know the VM is reachable on port 80 because curl 192.168.64.2 returns the default nginx not found page. FWIW I never installed nginx and the service doesn't seem to be running / cannot turn it off.
I've been at this for a day and I'm stumped. I even tried the Vbox driver and manually configured a bridge adapter. I even created my own adapter...
$ multipass exec -- microk8s-vm sudo bash -c "cat > /etc/netplan/60-bridge.yaml" <<EOF
network:
  ethernets:
    enp0s8:                 # this is the interface name from above
      dhcp4: true
      dhcp4-overrides:      # this is needed so the default gateway
        route-metric: 200   # remains with the first interface
  version: 2
EOF
$ multipass exec microk8s-vm sudo netplan apply
How can I reach this VM from the host?
You can't access your pod IP/port like this.
If you want to access your pod's port over the node's IP address, you need to define a service of type NodePort and then use ipaddressOfNode:NodePort.
curl http://ipaddressOfNode:NodePort
With port-forward you must use the localhost of your host system.
kubectl port-forward svc/myservice 8000:yourServicePort
then
curl http://localhost:8000
I have an Ubuntu 16.04 LTS virtual machine that I use for log management. Since I created it, I have used Sesman-Xvnc and it has always been nice and easy to log in. However, after being on it for the last 3 weeks with no issues whatsoever, today I got to the office and it throws this error:
Connecting to sesman ip 127.0.0.1 port 3350
sesman connect ok
sending login info to session manager, please wait...
xrdp_mm_process_login_response: login successful for display
Started connecting
connecting to 127.0.0.1 5912
tcp connected
security level is 2 (1 = none, 2 = standard)
password failed
error - problem connecting
I didn't change my password, the machine was on all the time and I am able to log in via ssh with my user and password.
I have tried reinstalling the services with:
sudo apt-get remove xrdp vnc4server tightvncserver
sudo apt-get install tightvncserver
sudo apt-get install xrdp
And then restarted the xrdp service with:
service xrdp restart
I have also created a new user but the results are the same; password failed.
Any ideas of how to sort this out?
Thank you very much familia. ;)
I too have been facing the same issue since today. I have put up the issue here.
XRDP doesnt connect to Azure VM suddenly
I fixed it by allowing the port which it is trying to connect to sesman in the ufw:
The moment you see connecting to "sesman ip 127.0.0.1 port 3350" (or any other port) in the RDP, take that port number and allow that port in ufw using
These are the steps I used:
Downgrade your xrdp using this:
sudo apt-get install xrdp=0.6.1-2
and hold the xrdp instance:
sudo apt-mark hold xrdp
sudo ufw enable
sudo ufw allow 3350
and
sudo ufw allow 3389
NB: You may use this command to see if it's open:
sudo netstat -plnt | grep rdp
Perform these in the SSH window.
This worked for me. Hope it fixes this issue.
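An added example, not part of the answer above: the session log in the question shows the sesman connection going to 127.0.0.1:3350, so after adding rules like these it is worth listing which of those ports ufw now accepts from any source. The function name and the `ufw status` sample output are constructed for illustration.

```shell
# Constructed sample of `sudo ufw status` output after adding allow rules.
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
3350                       ALLOW       Anywhere
3389                       ALLOW       10.0.0.0/8
3350 (v6)                  ALLOW       Anywhere (v6)'

# ufw_open_to_all PORT...: read `ufw status` output on stdin and print
# every ALLOW rule for one of the given ports whose source is Anywhere.
ufw_open_to_all() {
  ports=" $* "
  awk -v ports="$ports" '
    $0 ~ /ALLOW/ {
      p = $1; sub(/\/.*/, "", p)                 # drop a /tcp or /udp suffix
      from = $0; sub(/.*ALLOW( IN)? +/, "", from) # keep only the From column
      if (index(ports, " " p " ") && from ~ /^Anywhere/)
        print p, "<-", from
    }'
}

# Demo on the constructed sample; on a real host run:
#   sudo ufw status | ufw_open_to_all 3350 3389
printf '%s\n' "$SAMPLE_UFW" | ufw_open_to_all 3350 3389
```

A port listed here is accepted from every source address; a rule with a narrower From column, like the 10.0.0.0/8 one in the sample, is not reported.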
We had the same issue and it seems to be caused by an automatic update of 'xrdp'. Have a look at this post:
https://askubuntu.com/questions/1108550/xrdp-failed-problem-connecting-when-package-was-auto-updated
I have a CentOS 7 OS configured on a VirtualBox machine. I have installed an X509 certificate using the OpenSSL tool and configured the Apache HTTPD server.
I connect to the CentOS 7 guest on VirtualBox via SSH from a terminal on my local Mac OSX Sierra (10.12.3) as root. I have verified that /etc/host on my Mac is correctly pointing to the guest on VirtualBox. I also verified the port forwarding on VirtualBox, and it is all set up correctly to allow traffic on 80 (http), 443 (https) and 22 (ssh). Also, I have made sure that the Apache user has proper privileges on the index.html and other folders under the DocumentRoot folder. I have also verified that /etc/host on my Mac is correctly pointing to a guest running on VirtualBox.
I have set the firewall to :
setenforce 0
So hopefully it is not a SELinux issue.
Then I run following command on terminal as root user of my Centos7 OS :
curl https://localhost -k
and I do get the default index.html file content.
But then, when I go to my MAC OS browser to connect to VirtualBOX website on HTTPS, I see following message on Chrome browser :
This site can’t be reached localhost refused to connect.
Please note that I can connect to my Vbox CentOS HTTPD server on HTTP.
So what is going wrong here when trying to access the apache server using HTTPS?
You must enable access to https using firewall-cmd:
# firewall-cmd --permanent --add-service=https
or
# firewall-cmd --permanent --add-port=443/tcp
then reload the rules
# firewall-cmd --reload
Try this once.
systemctl stop firewalld
After that try to access website.
I have a server running on port 80, but I do not know what it is or where it came from. When I run
sudo lsof -i :80 | grep LISTEN
I get
httpd 80 root 5u IPv6 0x91f5a9de62859cfd 0t0 TCP *:http (LISTEN)
httpd 694 _www 5u IPv6 0x91f5a9de62859cfd 0t0 TCP *:http (LISTEN)
I have tried to get the process name using the PID, but all I ever get in return is "httpd" or "FOREGROUND".
When I kill the PID, the process simply restarts with a new PID. I assume I will have to stop it at launch.
How can I stop this server from running at startup?
If it helps any, I am trying to free up port 80 to use the apache server on MAMP.
This is just a guess, but it might be the built-in version of apache, being launched (& restarted) by launchd (OS X's daemon manager). It's disabled by default, but might've gotten enabled somehow. You can try disabling it with:
sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist
If that doesn't do it (it'll say something like "Could not find specified service"), you can check to see if it's some other launch daemon item by looking for the PID of the master process (the one running as root, not _www):
sudo launchctl list | grep <masterPID>
That won't necessarily tell you exactly what's going on, but might point you in the right direction.
Like Gordon suggested, that's the built-in version of the Apache web server.
You can stop it with
sudo apachectl stop
btw, the configuration for this webserver can be found in the /etc/apache2/httpd.conf directory.
This happens to me a lot.
As @Gordon Davisson explains, it is most likely the launch daemon process conflicting with the service you have set up.
Definitely stop the apachectl server.
sudo apachectl -k stop
Try to find all the httpd processes; they should be the last ones
sudo lsof -i :80 # without grep
Then get the first process (most likely in the 1000s); it should also be the lowest one.
sudo kill <firstHttpdPID>
This should kill ALL the processes running that httpd instance, and then you can simply start your server back up.
You must stop it first, though, or it will continue running again.
Mac OSX comes bundled with Apache, however it is deactivated. You might have activated it somehow. In my case, I had previously installed XAMPP and configured something in /etc/apache2/httpd.conf that leads my localhost:80 to an HTML page with It Works!.
TLDR, the solution is to deactivate the Apache2 server.
Go to your terminal, and type this
sudo apachectl -k stop
In my case, it returns the following:
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using Shafies-MacBook-Pro.local. Set the 'ServerName' directive globally to suppress this message
httpd (no pid file) not running
If you type localhost in your browser, port 80 is not active anymore and you will not see It Works! anymore.
For context, I deleted XAMPP a long time ago and was not aware that my localhost:80 was still active. I was not able to redirect a dummy domain, posts.com, to my localhost port for my Kubernetes YAML config files.
This is my ingress-srv.yaml file:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-srv
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/use-regex: 'true'
spec:
  rules:
    - host: posts.com
      http:
        paths:
          - path: /?(.*)
            backend:
              serviceName: client-srv
              servicePort: 3000
and I have tricked the operating system to redirect my posts.com to localhost:80 by adding below line in the hosts file located at /etc/hosts
127.0.0.1 posts.com
by SM
In my current job we have a development environment made with docker-compose.
One container is nginx, which provides routing to other containers.
Everything seems fine and works for my colleagues on Windows and OS X. But on my system (OS X El Capitan), there is a problem with accessing the nginx container on port 80.
This is the setup of the container from docker-compose.yml:
nginx:
  build: ./dockerbuild/nginx
  ports:
    - 80:80
  links:
    - php
  volumes_from:
    - app
  ... and more
In ./dockerbuild/nginx there is nothing special, just nginx config as we know it from everywhere.
When I run everything with docker-compose create and docker-compose start, docker ps gives me:
3b296c1e4775 docker_nginx "nginx -g 'daemon off" About an hour ago Up 47 minutes 0.0.0.0:80->80/tcp, 443/tcp docker_nginx_1
But when I try to access it, for example via curl, I get an error: curl: (7) Failed to connect to localhost port 80: Connection refused
I tried to run the container with port 81 and everything works fine.
The port is really bound to docker:
22:47 $ sudo lsof -i -n -P | grep TCP
...
com.docke 14718 schovi 38u IPv4 0x6e9c93c51ec4b617 0t0 TCP *:80 (LISTEN)
...
Firewall in osx is turned off and I have no other security.
If you are using docker-for-mac:
Accessing by localhost:80 is correct, though you still have to ensure you do not have a local apache/nginx service running. Often leftovers from boxen/homebrew exist binding that port, because that's what developers did back then :)
If you are using dockertoolbox/virtualbox/whatever hypervisor:
You will not be able to access it by localhost, but by the docker-machine ip, so write docker-machine ip default and then use http://$ip:80 in your browser.
If that does not help:
Ensure your nginx container actually does work, so connect to the container: docker exec -i -t <containerid> bash
and then run ps aux | grep nginx or, if telnet is installed, try to connect to localhost
Solved!
The problem was that a long, long time ago I installed pow (a super simple automated rails server which runs applications on the app_name.local domain). And this beast left a LaunchAgent script which updates pf to forward port 80 to the pow port.
In my current job we have a development environment made with docker-compose.
A privilege to use.
[W]hen I try to access [nginx on port 80] for example via curl I get error.
Given there's nothing preventing you from accessing docker on your host OS, you should look at the app running inside the container to ensure it's binding to the correct host, e.g. 0.0.0.0 and not localhost.
For example, if you're running Nuxt inside a container with nuxt-ts observe Nuxt will default to localhost thereby causing the container not to connect to the docker network whereas npx nuxt-ts -H 0.0.0.0 gets things squared away with the container's internal server connecting to the ip of the docker network used (verify ip like docker container inspect d8af01990363).
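One way to check the bind address discussed above, as an added example that is not part of the original answer: it reads `lsof -nP -iTCP -sTCP:LISTEN` output on stdin and classifies each listener on a port as bound to all interfaces, loopback only, or a single address. The function name is hypothetical and the sample is constructed; only the com.docke line comes from this page.

```shell
# Constructed sample: the com.docke line is from the question above,
# the kubectl and node lines are made up to show the other cases.
SAMPLE_LSOF='COMMAND     PID   USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
com.docke 14718 schovi  38u  IPv4 0x6e9c93c51ec4b617      0t0  TCP *:80 (LISTEN)
kubectl   20311 schovi   8u  IPv4 0x6e9c93c51ec4c001      0t0  TCP 127.0.0.1:4503 (LISTEN)
kubectl   20311 schovi   9u  IPv6 0x6e9c93c51ec4c002      0t0  TCP [::1]:4503 (LISTEN)
node      20555 schovi  21u  IPv4 0x6e9c93c51ec4c003      0t0  TCP 192.168.64.2:3000 (LISTEN)'

# bind_scope PORT: print "COMMAND PID ADDRESS SCOPE" for each listener on PORT.
bind_scope() {
  awk -v port="$1" '
    $NF == "(LISTEN)" && $(NF-2) == "TCP" {
      name = $(NF-1)                      # e.g. *:80 or [::1]:4503
      n = split(name, parts, ":")
      if (parts[n] != port) next          # port is the text after the last colon
      addr = substr(name, 1, length(name) - length(parts[n]) - 1)
      if (addr == "*" || addr == "0.0.0.0" || addr == "[::]")
        scope = "all-interfaces"
      else if (addr ~ /^127\./ || addr == "[::1]" || addr == "localhost")
        scope = "loopback-only"
      else
        scope = "single-address"
      print $1, $2, addr, scope
    }'
}

# Demo on the constructed sample; on a real host run:
#   sudo lsof -nP -iTCP -sTCP:LISTEN | bind_scope 80
printf '%s\n' "$SAMPLE_LSOF" | bind_scope 4503
```

A loopback-only listener answers curl localhost on the machine or container it runs in and refuses connections addressed to any other interface.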