How to set up snmpd to listen on an alternative port (other than 161)? - linux

I am working on a CentOS 6.4 64-bit, as root. I am trying to set up the system snmpd agent, so that it listens on a port other than 161, e.g. 8001. I successfully got that on Debian 7.x by just changing the port number in /etc/snmp/snmpd.conf:
agentAddress udp:127.0.0.1:8001
and restarting the service with /etc/init.d/snmpd restart. It was straightforward. However, I tried several things but I didn't manage to do that on CentOS, i.e. snmpd will fail to start.
These are the last two lines written in /var/log/messages when I try to run it with that line in snmpd.conf:
Oct 13 15:47:40 localhost snmpd[4775]: Error opening specified endpoint "udp:127.0.0.1:8001"
Oct 13 15:47:40 localhost snmpd[4775]: Server Exiting with code 1
On the other hand, if I run the program directly, it will start and will happily open port 8001:
/usr/sbin/snmpd udp:127.0.0.1:8001
or:
/usr/sbin/snmpd udp:8001
Both ways work.
I have googled and read about /etc/sysconfig/snmpd, but adding some options in this file did not work either. For info, I disabled iptables (iptables -F).
Could anybody help me on this?
Thanks in advance,
Antonio

Related

Cannot access eclipse orion server from local machine using local IP

I have been given a centos server to launch eclipse orion code editor. I installed eclipse orion as per the instructions on https://wiki.eclipse.org/Orion/How_Tos/Install_Orion_on_Localhost (steps for linux using jetty server). It works fine on centos browser. The centos os is running on 198.168.1.226. So that I can access the following urls on web browser of centos.
198.168.1.226:8080
localhost:8080
127.0.0.1:8080
0.0.0.0:8080
But when I tried to access the 198.168.1.226:8080 from other local machines on local network, that is not accessible. I searched the StackOverflow Questions like how to make jetty server accessible from LAN? and Unable to access jetty server with local IP address but both are useless for me. How can I fix this situation? Can I fix it editing the code on orion.ini file or need to deal with configuration file or something else?
I have also tried the orion for windows computer but it worked itself for accessing the orion system for any other computer in local network. But I am surprised to face it on centos using the jetty server for setting up eclipse-orion system .
First of all, check that you have allowed the specific port (8080) from Eclipse.
Add a rule with that port number in CentOS iptables as below:
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT   # adjust 8080 according to your port number

Why are some ports which work with PHP5 unusable with PHP7?

I run 10 minecraft PE servers using Multicraft and PocketMine for linux which has recently been updated to run on PHP7. Everything works fine on 7 of the servers I updated, but 3 of them will not allow any UDP connections (despite starting and seemingly running correctly), however the same servers when configured to use PHP5 start working perfectly.
I'm running CentOS7 CLI on a dedicated server, and have tried reconfiguring and disabling firewalld to no avail. If I change the port of a broken server to that of a working server everything starts working... so I'm wondering why the switch to use PHP7 causes connections on these ports to fail. I've run netstat etc to see if anything is interfering, but everything looks identical whether they are running PHP5 or PHP7.
The only pattern I can see is that those that don't work are the three highest ports:
Ports that allow connections on PHP5 and PHP7:
19132, 19133, 17171, 20000, 25252, 11111, 12321, 23456
Ports working with PHP5 but not working with PHP7:
33333, 55555, 41414
Any ideas what is going on?
Thanks

CHECK_NRPE: Error - Could not complete SSL handshake

I have NRPE daemon process running under xinetd on amazon ec2 instance and nagios server on my local machine.
The check_nrpe -H [amazon public IP] gives this error:
CHECK_NRPE: Error - Could not complete SSL handshake.
Both Nrpe are same versions. Both are compiled with this option:
./configure --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/i386-linux-gnu/
"allowed host" entry contains my local IP address.
What could be the possible reason of this error now??
If you are running nrpe as a service, make sure you have this line in your nrpe.cfg on the client side:
# example 192. IP, yours will probably differ
allowed_hosts=127.0.0.1,192.168.1.100
You say that is done, however, if you are running nrpe under xinetd, make sure to edit the only_from directive in the file /etc/xinetd.d/nrpe.
Don't forget to restart the xinetd service:
service xinetd restart
To check if you have access to it at all attempt a simple telnet on the address:port, a ping or traceroute to see where it is blocking.
telnet IP port
ping IP
traceroute -p $port IP
Also check on the target server that the nrpe daemon is working properly.
netstat -at | grep nrpe
You also need to check the versions of OpenSSL installed on both servers, as I have seen this break checks on occasion with the SSL handshake!
Check your /var/sys/system.log. In my case, it turned out my monitored IP was set to something else than the one I set in nrpe.cfg file. I don't know the cause of this change, though.
@jgritty was right.
You should edit nrpe.cfg and nrpe config files to allow your master nagios server's access:
vim /usr/local/nagios/etc/nrpe.cf
allowed_hosts=127.0.0.1,172.16.16.150
and
vim /etc/xinetd.d/nrpe
only_from= 127.0.0.1 172.16.16.150
That's somewhat of a catch-all error message for NRPE. Check your firewall rules and make sure that port is open. Also try disabling SELinux and seeing if that lets the connection through. It's likely not an SSL issue, but just an issue with the connection being refused.
It looks like you are running your Nagios server in a virtual machine on a host-only network. If this is so, this would stop any external access. Ensure that you have a NAT or Bridged Network available.
So many answers, none of them hit the reason why I ran into this issue.
It turns out that nagios has terrible cross-version support and this was caused by me having a version 2 "client" (machine being monitored) and a version 3 "server" (monitoring machine).
Once I upgraded the client to version 3, the problem went away and I could do a check_nrpe -H [client IP] without issues.
Note that I am not sure if client/server are the right terms with nagios, as in the case of an NRPE call, the server is really the machine being called, but I digress.
Make sure that you have restarted the Nagios Client Plugin as well.
I'm running nrpe using the xinetd service.
Make sure also (in addition to the above basic steps) that your nagios user is authenticating properly. In my case:
Jun 6 15:05:52 gse2 xinetd[33237]: Unknown user: nagios [file=/etc/xinetd.d/nrpe] [line=9]
Jun 6 15:05:52 gse2 xinetd[33237]: Error parsing attribute user - DISABLING SERVICE [file=/etc/xinetd.d/nrpe] [line=9]
Jun 6 15:05:52 gse2 xinetd[33237]: Unknown group: nagios [file=/etc/xinetd.d/nrpe] [line=10]
Jun 6 15:05:52 gse2 xinetd[33237]: Error parsing attribute group - DISABLING SERVICE [file=/etc/xinetd.d/nrpe] [line=10]
Jun 6 15:05:52 gse2 xinetd[33237]: Service nrpe missing attribute user - DISABLING
Was showing in the /var/log messages.
It escaped me at first, but then I did a check on ypbind service and found it was not started.
After starting ypbind, nagios user and group was authenticating properly, the error went away.
In some edge cases, restarting nagios-nrpe-server doesn't help, due to the fact that the process was not killed or it was not properly restarted.
Just kill it manually then, and start it.
SSL handshake error msg. Besides the allow_host you should assign.
Your nagios server is in a local LAN with a class C IP address such as 192.168.xxxx.
When the target monitored server feeds back the SSL message to your local nagios server, the message should first come to the public IP of your line; the message cannot cross the public IP into your nagios server, whose IP is an internal one.
You need NAT to guide the SSL message from the target server to the inner nagios server.
Or you better use a "GET" method, which just gets monitoring messages from the nagios client side, such as SNMP, to fulfill the remote monitoring of local resources of Linux servers.
SSL needs feedback in both directions.
Best Regards
For me setting the following in /etc/nagios/nrpe.cfg on Client worked:
dont_blame_nrpe=1
It's an Ubuntu 16.04 machine.
For other possible problems, I recommend looking at nrpe logs. Here is a good article for configuring logs.
If you are running Debian 9 then there is a known issue regarding this problem, caused by OpenSSL dropping support for the method NRPE uses to initiate anonymous SSL connections.
The issue seems to be fixed but the fix hasn't made it into the official packages, yet.
Currently there seems to be no secure work-around.
Check the configuration in /etc/xinetd.d/nrpe and verify the server IP. If it is showing only_from = 127.0.0.1, change it to the server IP.
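
The checks suggested across the answers above (allowed_hosts in nrpe.cfg, only_from in /etc/xinetd.d/nrpe, and the dont_blame_nrpe setting) can be run together against both files. This is an added example, not code from any of the posts; the sample config text and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample files for illustration (not any poster's real config).
NRPE_CFG = "allowed_hosts=127.0.0.1,172.16.16.150\ndont_blame_nrpe=1\n"
XINETD_NRPE = "service nrpe\n{\n    user      = nagios\n    only_from = 127.0.0.1\n}\n"

def directive(text, key):
    """Return the last `key = value` setting in text, or None if absent."""
    value = None
    for line in text.splitlines():
        m = re.match(rf"\s*{re.escape(key)}\s*=\s*(.*)$", line.split("#", 1)[0])
        if m:
            value = m.group(1).strip()
    return value

def permits(entries, ip):
    """True if ip matches any entry (single address or CIDR network)."""
    addr = ipaddress.ip_address(ip)
    for entry in entries:
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # hostnames and other patterns are not resolved here
    return False

def audit_nrpe(nrpe_cfg, xinetd_cfg, nagios_ip):
    """List settings in the two files that leave out nagios_ip or add risk."""
    findings = []
    allowed = directive(nrpe_cfg, "allowed_hosts")
    if allowed is None or not permits(re.split(r"[,\s]+", allowed), nagios_ip):
        findings.append("nrpe.cfg: allowed_hosts does not include " + nagios_ip)
    only_from = directive(xinetd_cfg, "only_from")
    # An absent only_from means xinetd applies no source-address filter.
    if only_from is not None and not permits(only_from.split(), nagios_ip):
        findings.append("xinetd: only_from does not include " + nagios_ip)
    if directive(nrpe_cfg, "dont_blame_nrpe") == "1":
        findings.append("nrpe.cfg: dont_blame_nrpe=1 lets callers pass command arguments")
    return findings

if __name__ == "__main__":
    for finding in audit_nrpe(NRPE_CFG, XINETD_NRPE, "172.16.16.150"):
        print("-", finding)
```

With the constructed sample it reports the only_from mismatch and flags dont_blame_nrpe=1, which widens what a permitted caller can ask the daemon to run and is worth reviewing alongside the address lists.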

Start Tomcat from Eclipse in port 80 ( Linux )

This question has been asked before, but no real answer has been given (to the best of my knowledge).
Here is the link to the original question:
Start Tomcat from Eclipse in port 80 in Ubuntu with Authbind.
I do need to run tomcat on port 80.
I prefer not having to install tomcat on the computer. I believe it is not required.
I want to avoid using port forwarding (I have to do it now since I find no other solution).
I am using:
Ubuntu 12.04
Eclipse Juno
Tomcat 7
OpenJDK 64-Bit Serve - java version "1.7.0_07"
I am able to start tomcat in port 80 as a non root user and without installing tomcat.
I follow this article:
http://java.dzone.com/articles/running-tomcat-port-80-user
There are a lot of articles about the topic, but I found this article to be simple and complete.
When I try to start tomcat using eclipse it always fails and complains about port 80 being used. But it is not true. In fact, while eclipse is running and while the error is being shown on the screen I am able to manually start tomcat on port 80.
I have noticed that eclipse complains about port 80 being used when it does not have access rights to that port. I did get the same error before I was not able to manually run tomcat on port 80. The difference is that when I manually run tomcat it did log an access right error, and eclipse complains about the usage of the port.
I have modified the eclipse tomcat launcher to include the option "-Djava.net.preferIPv4Stack=true" and to start tomcat as "authbind --deep start"
But I always get the same error.
If I start eclipse as root then it works fine, so I do believe the problem is related to the access rights on port 80 and not to the port being used.
I do assume that eclipse starts tomcat with the same user rights used to start eclipse.
Could anybody provide some support? I can work by using port forwarding, but I would really like to know what I am missing and how to do it right.
The easiest way is to start tomcat with a listener on port 8080 and forward port 80 to localhost:8080:
ssh -L 80:localhost:8080 <user>@localhost
Execute this command with sudo
I think to run something which uses the ports 1-1024 under Linux the process has to have the root privileges.
I am not sure if I can be helpful to anyone, but I solved a similar problem as described: I started tomcat with the startup.sh script, and it was working fine on port 80. I restarted the machine (just in case) and tried starting the same tomcat from eclipse, but then I got an error about port 80 being used.
Turns out eclipse does not take startup scripts from tomcat installation, so it does not use the authbind configuration. The best solution I came up with is to start eclipse with authbind:
authbind --deep ./STS
As to why this didn't work:
I have modified the eclipse tomcat launcher to include the option "-Djava.net.preferIPv4Stack=true" and to start tomcat as "authbind --deep start"
As I understand you tried passing "authbind --deep start" as arguments to tomcat. I believe the point of authbind is to start application authbind with tomcat as argument. I don't see any way to do it in eclipse.
I am also now learning eclipse like you. Even I faced the same problem as you. Then, I changed the port number, and the server is starting now.
To change the port number, you need to double click the Apache Tomcat at servers. Then click on ports and change the HTTP/1.1 port to any four digit number you wish and save it.
It will work.

emailrelay "cannot bind the listening port"

I'm setting up my web server on Amazon's EC2. My site used to run locally and used my ISP's SMTP server to send email, which hasn't been a problem before - but now that the emails are originating from outside my ISP won't accept them.
Therefore, I'm trying the advice here to use EmailRelay to forward emails, adding authentication, via my account on Google.
I've followed the instructions, created the emailrelay.auth file, run the configure, make, make install, but when I try to start the emailrelay service I'm getting this error:
$ emailrelay --as-proxy smtp.gmail.com:587 --client-tls --client-auth /etc/emailrelay.auth
emailrelay: error: cannot bind the listening port: 0.0.0.0:25
emailrelay: exception: cannot bind the listening port: 0.0.0.0:25
I've looked through the user guide, tried using the --interface option thinking this might be the issue - providing various IPs, with no joy - and I don't know what to try next.
(my server is running Oracle Enterprise Linux 5.1)
EDIT:
Since sendmail is running on port 25, I've tried an alternative port. Now I get a new error:
$ emailrelay --as-proxy smtp.gmail.com:587 --client-tls --client-auth /etc/emailrelay.auth --port 8025
emailrelay: error: cannot do tls/ssl: openssl not built in
emailrelay: exception: cannot do tls/ssl: openssl not built in
After killing sendmail, I've retried with port 25 and I get the same error ("cannot do tls/ssl: openssl not built in").
EDIT:
Looks like openssl is not installed:
$ grep ssl config.log
$ ./configure --with-openssl
configure:7373: checking for openssl
conftest.cpp:31:25: error: openssl/ssl.h: No such file or directory
| #include <openssl/ssl.h>
configure:7431: WARNING: ignoring --with-openssl, check config.log and try setting CFLAGS
config.status:719: creating src/gssl/Makefile
The error means that it can't gain exclusive access to port 25 (the default port for SMTP). This is either because it is already in use, or because, as an unprivileged user, you don't have access to ports numbered less than 1024.
There may already be a program running on port 25. Probably sendmail, but possibly postfix or qmail (I don't know what Oracle uses for mail). You will need to shut any such program down.
If you shut down any email software on the computer and run emailrelay as root, you will probably not get that error message.
I got to this question having the same issue on an EC2 instance running Ubuntu.
For Ubuntu:
first sudo apt-get install libssl-dev
then (re-)run ./configure && make && sudo make install
Now either using :25 if clear, or feeding another port to emailrelay --port 12345 it works as expected.
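
The messages quoted on this page (snmpd's "Error opening specified endpoint", Eclipse reporting port 80 as in use, emailrelay's "cannot bind the listening port") do not show which kernel error the bind actually returned, and the answers above distinguish two causes: the port is already taken, or the caller lacks the right to bind it. The following added example, not code from any of the posts, attempts the bind itself and reports the errno; the function name and result strings are chosen here for illustration.

```python
import errno
import socket

def diagnose_bind(host, port, kind=socket.SOCK_STREAM):
    """Try to bind host:port and report why it fails, using the kernel's errno."""
    with socket.socket(socket.AF_INET, kind) as s:
        try:
            s.bind((host, port))
        except OSError as e:
            if e.errno == errno.EADDRINUSE:
                return "in use: another socket already holds this address and port"
            if e.errno == errno.EACCES:
                # Returned for ports below 1024 without privilege, and also when
                # a security policy such as SELinux denies the bind.
                return "permission denied: privileged port or policy refused the bind"
            if e.errno == errno.EADDRNOTAVAIL:
                return "address not available: host is not configured on this machine"
            return "other: " + errno.errorcode.get(e.errno, str(e.errno))
        # The socket is closed on leaving the with-block, releasing the port.
        return "ok: bind succeeded"

if __name__ == "__main__":
    # Endpoints taken from the questions above: snmpd, Tomcat, SMTP.
    checks = [
        ("127.0.0.1", 8001, socket.SOCK_DGRAM),
        ("0.0.0.0", 80, socket.SOCK_STREAM),
        ("0.0.0.0", 25, socket.SOCK_STREAM),
    ]
    for host, port, kind in checks:
        print(host, port, diagnose_bind(host, port, kind))
```

Run it as the same user and from the same launcher as the failing service, because the result depends on the caller's privileges and security context.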
