How to stop the nginx process, even after uninstalling this web server? - nginx

On my Debian PC I had an nginx server, but I removed it completely. Now port :80 is permanently busy.
I ran all kinds of commands to stop those services, but they execute again.
What can I do to free port 80? THX.
nginx 6593 root 6u IPv4 345904 0t0 TCP *:80 (LISTEN)
nginx 6605 systemd-network 6u IPv4 345904 0t0 TCP *:80 (LISTEN)

You should be able to simply kill the process.
kill command syntax
# kill [signal or option] PID(s)
So in your case,
kill -s SIGTERM 6593
You might need to be root, so prepend sudo as appropriate.

For Linux:
fuser -k 80/tcp
or,
kill $(lsof -t -i:80)
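
Added example (not part of the original answers): the question notes that the listeners come back after being stopped, which is what happens when a supervisor such as a systemd unit restarts them. This sketch lists the PIDs listening on a port and reads the owning unit from `/proc/PID/cgroup`; the function names and both sample inputs are constructed for illustration, and a systemd host with lsof installed is assumed.

```shell
#!/bin/sh
# Constructed sample: `lsof -nP -iTCP:80 -sTCP:LISTEN` output (rows modelled on the question).
SAMPLE_LSOF='COMMAND  PID USER            FD TYPE DEVICE SIZE/OFF NODE NAME
nginx   6593 root            6u IPv4 345904      0t0  TCP *:80 (LISTEN)
nginx   6605 systemd-network 6u IPv4 345904      0t0  TCP *:80 (LISTEN)'

# Constructed sample: contents of /proc/6593/cgroup on a cgroup-v2 systemd host.
SAMPLE_CGROUP='0::/system.slice/nginx.service'

# listener_pids PORT: read lsof output on stdin, print each PID listening on PORT once.
listener_pids() {
    awk -v port="$1" '
        NR > 1 && $NF == "(LISTEN)" {
            n = split($(NF-1), a, ":")        # handles *:80 and [::]:80
            if (a[n] == port && !seen[$2]++) print $2
        }'
}

# unit_from_cgroup: read /proc/PID/cgroup on stdin, print the innermost
# systemd unit name (prints nothing if the process is not in a unit).
unit_from_cgroup() {
    awk -F/ '{
        for (i = NF; i > 0; i--)
            if ($i ~ /\.(service|socket|scope)$/) { print $i; exit }
    }'
}

# report PORT: live check; prints "pid=... unit=..." for every listener on PORT.
report() {
    lsof -nP -iTCP:"$1" -sTCP:LISTEN 2>/dev/null | listener_pids "$1" |
    while read -r pid; do
        unit=$(unit_from_cgroup 2>/dev/null < "/proc/$pid/cgroup")
        echo "pid=$pid unit=${unit:-none}"
    done
}

# Offline demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_LSOF" | listener_pids 80
printf '%s\n' "$SAMPLE_CGROUP" | unit_from_cgroup
```

Run `report 80` as root on the affected host; if it names a unit, `systemctl disable --now <unit>` stops it and keeps it from starting again at boot.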

Related

apache2 not reachable on its IP from outside

My webserver runs ~ok: I can see that, at least locally, apache2 is responding to localhost and http://192.168.0.1, but if I try from another machine in the same subnet I can't see it. Of course I can ping/ssh the webserver, and the firewall is disabled. From the server, if I try:
netstat -an | grep :80
I get:
tcp 0 0 192.168.0.1:80 0.0.0.0:* LISTEN
and my /etc/hosts just contains:
127.0.0.1 localhost
and I have a standard apache2.conf file. What can be wrong?

Iptables rules for nginx with php-fpm

I am setting up iptables rules on the server where nginx and php-fpm are running. I have allowed both ports 80 and 443, but as I see there are also additional connections to higher ports that are blocked.
Sample output of
netstat -anpn | grep -v ":80"
tcp 0 1 10.0.0.1:8109 10.1.2.24:29837 SYN_SENT 19834/nginx: worker
tcp 0 1 10.2.3.45:31890 10.0.0.1:26701 SYN_SENT 17831/nginx: worker
10.0.0.1 is server IP, others are clients.
My iptables rules:
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
Can someone explain:
Why does nginx use ports different from the standard 80 and 443?
What is this additional port range?
How do I properly allow connections to nginx with iptables?
Thanks in advance!
Nginx will typically perform internal redirects when processing a request and this will establish connections on high numbered ports. I do not believe you can find this range.
Here is what I see for example:
tcp 0 0 192.168.0.126:80 0.0.0.0:* LISTEN 9432/nginx: worker
tcp 0 0 192.168.0.126:80 192.168.0.177:62950 ESTABLISHED 9432/nginx: worker
tcp 0 0 192.168.0.126:80 192.168.0.177:62949 ESTABLISHED 9432/nginx: worker
tcp 0 0 192.168.0.126:80 192.168.0.177:62947 ESTABLISHED 9432/nginx: worker
unix 3 [ ] STREAM CONNECTED 29213 9432/nginx: worker
The reason your firewall rules work is because you:
Have opened the required ports that your Nginx server listeners need (i.e. 80 and 443)
You have included the following firewall rule that allows all requests to localhost (127.0.0.1) so Nginx internal redirects that open high numbered ports are not blocked:
iptables -A INPUT -i lo -j ACCEPT
So to answer your questions:
Nginx server listeners can listen to any port you like not just 80 and 443. Why it uses additional ports is for internal redirects and as such an aspect of the implementation.
I do not believe you can find this range. In fact I would doubt any code would ask the system to utilize a certain port but rather would ask the OS for a high numbered unused port.
You may not have realized it but the firewall rules you implemented should work fine.
I use PHP-FPM with Nginx as well. I block all ports except 22/80/443 in iptables and haven't experienced any issues with connectivity. I examined my own netstat and it looks identical to your output. Are you sure your iptables rules are correct? Could you post the output of sudo iptables -L?

analyze network traffic to and from the process

Is there any way on Linux to get a detailed analysis of network traffic to and from a process? Detailed analysis means the data as provided by tcpdump, Wireshark.
How about using lsof to get further information on the process?
lsof -c $process
to see what files and network connections that are used by the process.
lsof -i | egrep 'mongod.*LISTEN'
to grep for all connections to the mongod process. From this you can see what port the process is listening on
$ lsof -i | egrep 'mongod.*LISTEN'
mongod 64223 fred 6u IPv4 0xffffff80298fec20 0t0 TCP *:27017 (LISTEN)
mongod 64223 fred 7u IPv4 0xffffff8017393500 0t0 TCP *:28017 (LISTEN)
mongod 64224 fred 9u IPv4 0xffffff8014038500 0t0 TCP *:27018 (LISTEN)
mongod 64224 fred 10u IPv4 0xffffff801746f880 0t0 TCP *:28018 (LISTEN)
......
......
......
and so then run tcpdump on that port.
HTH!
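
Added example (not part of the original answer): the lsof-then-tcpdump procedure above as one step, turning the LISTEN rows for a command into a tcpdump filter expression. The function name `capture_filter` and the sample rows are constructed for illustration; the filter matches all traffic on those ports, not only packets handled by that process.

```shell
#!/bin/sh
# Constructed sample of `lsof -nP -i` output: three listeners and one
# established connection for mongod, plus an unrelated sshd listener.
SAMPLE='COMMAND   PID USER FD  TYPE DEVICE SIZE/OFF NODE NAME
mongod  64223 fred 6u  IPv4 0x01   0t0      TCP  *:27017 (LISTEN)
mongod  64223 fred 7u  IPv4 0x02   0t0      TCP  *:28017 (LISTEN)
mongod  64224 fred 9u  IPv4 0x03   0t0      TCP  *:27018 (LISTEN)
mongod  64224 fred 12u IPv4 0x04   0t0      TCP  127.0.0.1:27018->127.0.0.1:51514 (ESTABLISHED)
sshd      812 root 3u  IPv4 0x05   0t0      TCP  *:22 (LISTEN)'

# capture_filter CMD: read lsof output on stdin and print a tcpdump filter
# covering every TCP port CMD listens on. Returns 1 if CMD has no listeners.
# Note: lsof truncates the COMMAND column to 9 characters by default.
capture_filter() {
    awk -v cmd="$1" '
        $1 == cmd && $(NF-2) == "TCP" && $NF == "(LISTEN)" {
            n = split($(NF-1), a, ":")          # port is the last ":" field
            if (!seen[a[n]]++) ports[++count] = a[n]
        }
        END {
            if (!count) exit 1
            for (i = 1; i <= count; i++)
                f = f (i > 1 ? " or " : "") "tcp port " ports[i]
            print f
        }'
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | capture_filter mongod
```

On a live host the result is passed straight to the capture, for example `tcpdump -nn "$(lsof -nP -i | capture_filter mongod)"` run as root.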

GlassFish can't start because of "port conflict" but nothing is using that port -- what's wrong with GlassFish?

I develop on Mac (Lion) with Eclipse and GlassFish 3.1. GlassFish uses ports 8080 and 4848. Suddenly when I try to launch GlassFish it tells me it can't because there's a port conflict.
As far as I can tell, nothing is using that port. I shut down everything and restarted the Mac and still get the same error when I run GlassFish. I uninstalled GlassFish, deleted all the directories, restarted my machine, reinstalled GlassFish and got the same problem.
I created a new test user on my Mac, logged out as me, logged in as him, installed GlassFish under that user's account and it runs fine there.
It's like there's something in my user account that makes my Mac or GlassFish think that port is in use.
Does anyone know how I might solve this problem? I hate the idea of having to create a new account on my Mac and transfer all of my data there. Seems like an excessive solution.
Any ideas?
Rob
UPDATE: Doing a "lsof -i :8080" shows me this:
$ lsof -i :8080
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
launchd 158 stephen 8u IPv4 0xffffff8014945fa0 0t0 TCP *:http-alt (LISTEN)
launchd 158 stephen 10u IPv6 0xffffff8014941240 0t0 TCP *:http-alt (LISTEN)
printerAg 232 stephen 5u IPv4 0xffffff8014945fa0 0t0 TCP *:http-alt (LISTEN)
printerAg 232 stephen 6u IPv6 0xffffff8014941240 0t0 TCP *:http-alt (LISTEN)
I guess that means there is something on port 8080? If so, what are launchd and printerAg? And why are they running on this user account, but not on the new user account I created? Thanks!
You can also change the port of HP printers from 8080 to 18089 by the following command:
sudo sed -i "" -e "s|8080|18089|g" ~/Library/LaunchAgents/com.hp.printerAgent.plist
Then restart your system.
Check who is using the port:
lsof -i :8080 -i :4848

HTTP and HTTPS port

I have created a J2EE application that runs on GlassFish, HTTPS enabled. When the user types http://www.mydomain.com:8080/app, they are redirected to https://www.mydomain.com:8181/app/login.
However, on some websites I see that it can actually redirect to something like https://www.mydomain.com/app/login (without the HTTPS port 8181). Does this mean that the server is running both HTTP and HTTPS on port 80?
How to configure this on GlassFish 3.1?
Non-root user should not use ports below 1024.
It is better to do port forwarding from 80 to 8080 and 443 (https default) to 8181.
Execute this as root:
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8181
Need to make this permanent:
iptables-save -c > /etc/iptables.rules
iptables-restore < /etc/iptables.rules
and call during startup, vi /etc/network/if-pre-up.d/iptablesload
#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0
You can also configure it in the admin web gui under:
Configuration -> Server Config -> Network Config -> Network Listeners
Just to give more details on alexblum's answer: when you log in to the GlassFish Admin panel, go to Configurations -> server-config -> Network Listeners in Network Config.
Then click on New to add a new listener.
On the new listener page, just select 80 as your port and put 0.0.0.0 as your IP.
Select tcp as your Transport and use http-thread-pool as your Thread Pool
Save and Restart your Glassfish instance.
That's what worked for me anyways.
The default port for HTTP is 80. When you access a URL: http://www.example.com/ you are connecting to www.example.com:80.
The default port for HTTPS is 443. When you access a URL: https://www.example.com/ you are connecting to www.example.com:443.
(See List of port numbers)
(See configuration of GlassFish to use other ports)
