I'm running Ubuntu 20.04.1 LTS on a Linode server and OpenLiteSpeed (openlitespeed.org).
I'm getting timeouts for example.com:8088 and example.com:7080, the two OpenLiteSpeed admin and config pages, in a browser.
But while logged in via SSH, running curl 127.0.0.1 gives me the text of the index.html file at root, and curl http://localhost:8088 gives me the HTML dump of the OpenLiteSpeed admin page.
From another host, running curl 123.45.67.123 works.
Going directly to the site/server IP 123.45.67.123 works.
From another host, running curl example does not return anything.
Going to example.com in a browser works and shows me the index.html page.
Pinging example.com works.
But I can't connect to example.com:8088 or example.com:7080 in a browser.
Apache is running, but OpenLiteSpeed hasn't yet been configured to use port 80, since I can't get to the admin pages.
ufw status shows:
65500 ALLOW Anywhere
443 ALLOW Anywhere
443/tcp ALLOW Anywhere
7080/tcp ALLOW Anywhere
8088/tcp ALLOW Anywhere
OpenSSH ALLOW Anywhere
80/tcp ALLOW Anywhere
65500 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
7080/tcp (v6) ALLOW Anywhere (v6)
8088/tcp (v6) ALLOW Anywhere (v6)
OpenSSH (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
Completely disabling ufw makes no difference with the issue.
Any ideas?
Edit 10/25/2020:
Edit 10/26/2020:
This worked from my local Mac with port 7080 denied in ufw on the server and brings up the OLS admin page:
ssh -L 7080:123.45.67.123:7080 [email protected]
Important note: I was using CloudFlare, which was part of the problem. CloudFlare blocks port 7080 (as well as others; see https://support.cloudflare.com/hc/en-us/articles/200169156-Identifying-network-ports-compatible-with-Cloudflare-s-proxy ). So in order to use the localhost tunnel as in Carles Mateo's answer, you need to change OpenLiteSpeed's admin port to an allowed CloudFlare port (like 8443) in /usr/local/lsws/admin/conf/admin_config.conf and restart OpenLiteSpeed. Also disable any SSLs at CloudFlare, at least until you configure an SSL that doesn't throw security errors.
Overall, my solution to protect the OpenLiteSpeed admin page from script kiddies, etc., while using CloudFlare is to change to and use port 8443 to configure OLS settings, and then via SSH change that port back to 7080, which is blocked by default by CloudFlare.
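The end state described in the post (admin port closed to the public side and reached over SSH instead) can be checked from the firewall listing. The script below is an added example, not part of the original post or of OpenLiteSpeed: it reads `ufw status` text and lists rules that allow ports 7080 or 8088 from Anywhere. The function names and the sample listing are constructed for illustration, and ufw's rule ordering is not modelled.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): list OpenLiteSpeed admin ports
# that a `ufw status` listing allows from Anywhere.

# Ports named in the post: 7080 and 8088.
ADMIN_PORTS="7080 8088"

# Reads `ufw status` text on stdin. Prints the "To" column of every ALLOW rule
# for an admin port whose source is Anywhere (IPv4 or IPv6).
# Simplification: rule order (first match wins) is not modelled.
exposed_admin_ports() {
    awk -v ports="$ADMIN_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            split($1, to, "/")                 # "7080/tcp" -> port "7080"
            if (!(to[1] in want)) next
            for (i = 2; i < NF; i++) {
                if ($i != "ALLOW") continue
                j = i + 1
                if ($j == "IN") j++            # `ufw status verbose` prints "ALLOW IN"
                if ($j == "Anywhere") print $1 ($2 == "(v6)" ? " (v6)" : "")
            }
        }'
}

# Exit status 0 when no admin port is open to Anywhere, 1 otherwise.
admin_ports_closed() {
    [ -z "$(exposed_admin_ports)" ]
}

# Constructed sample in the format of the listing in the post.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
443/tcp                    ALLOW       Anywhere
7080/tcp                   ALLOW       Anywhere
8088/tcp                   ALLOW       203.0.113.10
OpenSSH                    ALLOW       Anywhere
7080/tcp (v6)              ALLOW       Anywhere (v6)
EOF
}

sample_status | exposed_admin_ports
```

On a live server, pipe the real listing in with `sudo ufw status | exposed_admin_ports`; an empty result means the admin ports are only reachable locally or through the SSH tunnel.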