Friday, May 3, 2024
rated 0 times [  2] [ 0]  / answers: 1 / hits: 8242  / 2 Years ago, thu, february 24, 2022, 9:48:25

I'm running Ubuntu 20.04.1 LTS on a Linode server and OpenLiteSpeed (openlitespeed.org).


I'm getting timeouts for example.com:8088 and example.com:7080, the two OpenLiteSpeed admin and config pages, in a browser.


But while logged in via SSH, running
curl 127.0.0.1
gives me the text of the index.html file at root, and
curl http://localhost:8088
gives me the html dump of the OpenLiteSpeed admin page.


From another host, running curl 123.45.67.123 works.


Going directly to the site/server IP 123.45.67.123 works.


From another host, running curl example does not return anything.


Going to example.com in a browser works and shows me the index.html page.


Pinging example.com works.


But I can't connect to example.com:8088 or example.com:7080 in a browser.


Apache is running, but OpenLiteSpeed hasn't yet been configured to use port 80, since I can't get to the admin pages.


ufw status shows:


65500 ALLOW Anywhere
443 ALLOW Anywhere
443/tcp ALLOW Anywhere
7080/tcp ALLOW Anywhere
8088/tcp ALLOW Anywhere
OpenSSH ALLOW Anywhere
80/tcp ALLOW Anywhere
65500 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
7080/tcp (v6) ALLOW Anywhere (v6)
8088/tcp (v6) ALLOW Anywhere (v6)
OpenSSH (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)

Completely disabling ufw makes no difference with the issue.


Any ideas?




Edit 10/25/2020:






Edit 10/26/2020


This worked from my local Mac with port 7080 denied in ufw on the server and brings up the OLS admin page:


ssh -L 7080:123.45.67.123:7080 [email protected]


Important note: I was using CloudFlare, which was part of the problem. CloudFlare blocks port 7080 (as well as others; see https://support.cloudflare.com/hc/en-us/articles/200169156-Identifying-network-ports-compatible-with-Cloudflare-s-proxy ). So in order to use the localhost tunnel as in Carles Mateo's answer, you need to change OpenLiteSpeed's admin port to an allowed CloudFlare port (like 8443) in /usr/local/lsws/admin/conf/admin_config.conf and restart OpenLiteSpeed. Also disable any SSLs at CloudFlare, at least until you configure an SSL that doesn't throw security errors.


Overall, my solution to protect the OpenLiteSpeed admin page from script kiddies, etc., while using CloudFlare is to change to and use port 8443 to configure OLS settings, and then via SSH change that port back to 7080, which is blocked by default by CloudFlare.



 Answers

I think that your problem is that OpenLiteSpeed is only listening on the localhost address.


Please make sure that it is listening on 0.0.0.0, which means all the addresses. In my sample there are processes listening on 127.0.0.1 and processes listening on all the IPs: in IPv4 0.0.0.0 and in IPv6 :::


carles@fast:~$ sudo netstat -tulpn | grep LISTEN
[sudo] password for carles:
tcp 0 0 127.0.0.1:6942 0.0.0.0:* LISTEN 45335/java
tcp 0 0 127.0.0.1:41601 0.0.0.0:* LISTEN 45335/java
tcp 0 0 127.0.0.1:63342 0.0.0.0:* LISTEN 45335/java
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 827/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1143/sshd: /usr/sbi
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 455095/cupsd
tcp 0 0 127.0.0.1:34585 0.0.0.0:* LISTEN 160123/java
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2072/master
tcp 0 0 127.0.0.1:43195 0.0.0.0:* LISTEN 160123/java
tcp6 0 0 :::22 :::* LISTEN 1143/sshd: /usr/sbi
tcp6 0 0 ::1:631 :::* LISTEN 455095/cupsd
tcp6 0 0 :::25 :::* LISTEN 2072/master

If you want to debug whether traffic arrives from other sites, run tcpdump on the server and attempt to connect from another machine. You'll see whether that attempt arrives.
Please check this first and reply so we can continue debugging.


But whatever your connectivity problem is, you can get to localhost:8088 from your browser using a tunnel.


If you use Ubuntu as your Desktop you can do:


ssh -L LOCAL_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER

For example:


ssh -L 8088:123.45.67.89:8080 [USER@]123.45.67.89

Then in your browser you just connect to localhost:8088 and the tunnel will do the magic: your server will believe that the connection is made locally, so you can configure anything from your browser.


Cheers


[#2545] Saturday, February 26, 2022, 2 Years  [reply] [flag answer]
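
The bind-address check described in the answer above, as an added example that is not part of the original question or answer: a small shell function that reads `netstat -tln` (or `ss -tln`) output and reports whether a port is bound to loopback only or to an address reachable from outside. The function names and the sample listener table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a TCP port is bound to loopback only or to a
# wildcard/routable address. Reads `netstat -tln` or `ss -tln` lines on stdin;
# in both formats the local address:port is the 4th column.
bind_scope() {
  awk -v port="$1" '
    $1 == "LISTEN" || $6 == "LISTEN" {
      n = split($4, parts, ":")
      if (parts[n] != port) next
      # Everything before the last colon is the bind address (handles ":::22").
      addr = substr($4, 1, length($4) - length(parts[n]) - 1)
      if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") lo = 1
      else pub = 1
    }
    END {
      if (pub) print "exposed"             # reachable subject to firewall/proxy
      else if (lo) print "loopback-only"   # only local clients or an SSH tunnel
      else print "not-listening"
    }'
}

# Constructed sample output (not taken from the server in the question).
sample_listeners() {
  cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:7080          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8088            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 127.0.0.53:53           0.0.0.0:*
EOF
}

# Print the bind scope of each port of interest from the sample table.
for p in 7080 8088 80 631 443; do
  printf '%s\t%s\n' "$p" "$(sample_listeners | bind_scope "$p")"
done
# On a live server: sudo netstat -tln | bind_scope 7080
```

A port that reports `exposed` here but still times out from outside points at something in front of the host (firewall, provider filtering, or a proxy) rather than at the bind address.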
rmiend