I'm setting up my web server on Amazon's EC2. My site used to run locally and used my ISP's SMTP server to send email, which hasn't been a problem before - but now that the emails are originating from outside my ISP won't accept them.
Therefore, I'm trying the advice here to use EmailRelay to forward emails, adding authentication, via my account on Google.
I've followed the instructions, created the emailrelay.auth file, run the configure, make, make install, but when I try to start the emailrelay service I'm getting this error:
$ emailrelay --as-proxy smtp.gmail.com:587 --client-tls --client-auth /etc/emailrelay.auth
emailrelay: error: cannot bind the listening port: 0.0.0.0:25
emailrelay: exception: cannot bind the listening port: 0.0.0.0:25
I've looked through the user guide, tried using the --interface option thinking this might be the issue - providing various IPs, with no joy - and I don't know what to try next.
(my server is running Oracle Enterprise Linux 5.1)
EDIT:
Since sendmail is running on port 25, I've tried an alternative port. Now I get a new error:
$ emailrelay --as-proxy smtp.gmail.com:587 --client-tls --client-auth /etc/emailrelay.auth --port 8025
emailrelay: error: cannot do tls/ssl: openssl not built in
emailrelay: exception: cannot do tls/ssl: openssl not built in
After killing sendmail, I've retried with port 25 and I get the same error ("cannot do tls/ssl: openssl not built in").
EDIT:
Looks like openssl is not installed:
$ grep ssl config.log
$ ./configure --with-openssl
configure:7373: checking for openssl
conftest.cpp:31:25: error: openssl/ssl.h: No such file or directory
| #include <openssl/ssl.h>
configure:7431: WARNING: ignoring --with-openssl, check config.log and try setting CFLAGS
config.status:719: creating src/gssl/Makefile
The error means that it can't gain exclusive access to port 25 (the default port for SMTP). This is either because it is already in use, or because, as an unprivileged user, you don't have access to ports numbered less than 1024.
There may already be a program running on port 25. Probably sendmail, but possibly postfix or qmail (I don't know what Oracle uses for mail). You will need to shut any such program down.
If you shut down any email software on the computer and run emailrelay as root, you will probably not get that error message.
I got to this question having the same issue on an EC2 instance running Ubuntu.
For Ubuntu:
first sudo apt-get install libssl-dev
then (re-)run ./configure && make && sudo make install
Now either using :25 if clear, or feeding another port to emailrelay --port 12345 it works as expected.
Related
This question shows research effort; it is useful and clear
I have checked the cURL not working properly
When I run the command curl -I https://www.example.com/sitemap.xml
curl: (7) Failed to connect
Failed to connect on all port
this error only on one domain, all other domain working fine, curl: (7) Failed to connect to port 80, and 443
Thanks...
First Check your /etc/hosts file entries, may be the URL which You're requesting, is pointing to your localhost.
If the URL is not listed in your /etc/hosts file, then try to execute following command to understand the flow of Curl Execution for the particular URL:
curl --ipv4 -v "https://example.com/";
After many search, I found that Hosts settings not correct
Then I check nano /etc/hosts
The Domain point to wrong IP in hosts file
I change the wrong IP and its working Fine
This is new error Related to curl: (7) Failed to connect
curl: (7) Failed to connect
The above error message means that your web-server (at least the one specified with curl) is not running at all — no web-server is running on the specified port and the specified (or implied) port. (So, XML doesn't have anything to do with that.)
you can download the key with browser
then open terminal in downloads
then type sudo apt-key add <key_name>.asc
Mine is Red Hat Enterprise(RHEL) Virtual Machine and I was getting something like the following.
Error "curl: (7) Failed to connect to localhost port 80: Connection refused"
I stopped the firewall by running the following commands and it started working.
sudo systemctl stop firewalld
sudo systemctl disable firewalld
If the curl is to the outside world, like:
curl www.google.com
I have to restart my cntlm service:
systemctl restart cntlm
If it's within my network:
curl inside.server.local
Then a docker network is overlapping something with my CNTLM proxy, and I just remove all docker networks to fix it - you can also just remove the last network you just created, but I'm lazy.
docker network rm $(docker network ls -q)
And then I can work again.
I am installing chef-server on this VPS that my friend let me borrow.
I was able to install chef and run chef-server-ctl reconfigure successfully.
I ran into problems because I need to change the iptable rules and I discovered that I cannot find chef-server running on any port or as a service.
When I run chef-server-ctl it seems to pass all the tests, so I know its API is working.
Where can I find that chef is running?
I need to change my iptables so that I can use knife to communicate with chef-server.
First off it sounds like you installed Chef Server, not Chef, important distinction :) Second, there is no specific process called chef-server. The frontend routing is handled by nginx which binds on port 443 and 80 (80 is just a redirector to 443 and can be blocked or disabled if desired). Internally we have a bunch of different smaller services like oc_erchef, bifrost, oc_id, etc. These all listen on localhost and are reached via Nginx.
You have installed Chef server and have reconfigured the server, you can't find a chef-server.
you can run below commands to check all the services that are running chef server
$ chef-server-ctl service-list
bookshelf*
nginx*
oc_bifrost*
oc_id*
opscode-chef-mover*
opscode-erchef*
opscode-expander*
opscode-solr4*
rabbitmq*
redis_lb*
postgresql*
To update the port number you need to update
/etc/chef-server/chef-server.rb - in Chef 11
/etcopscode/chef-server.rb - in Chef 12
nginx['non_ssl_port'] = portnumber
And also how are using knife command? Do you want ssl check to be passed then you need to add a line in knife.rb file
ssl_verify_mode: verify_none
'
I am working on a CentOS 6.4 64-bit, as root. I am trying to set up the system snmpd agent, so that it listens on a port other than 161, e.g. 8001. I successfully got that on Debian 7.x by just changing the port number in /etc/snmp/snmpd.conf:
agentAddress udp:127.0.0.1:8001
and restarting the service with /etc/init.d/snmpd restart. It was straightforward. However, I tried several things but I didn't manage to do that on CentOS, i.e. snmpd will fail to start.
These are the last two lines written in /var/log/messages when I try to run it with that line in snmpd.conf:
Oct 13 15:47:40 localhost snmpd[4775]: Error opening specified endpoint "udp:127.0.0.1:8001"
Oct 13 15:47:40 localhost snmpd[4775]: Server Exiting with code 1
On the other hand, if I run the program directly, it will start and will happily open port 8001:
/usr/sbin/snmpd udp:127.0.0.1:8001
or:
/usr/sbin/snmpd udp:8001
Both ways work.
I have googled and read about /etc/sysconfig/snmpd, but adding some options in this file did not work either. For info, I disabled iptables (ipdatables -F).
Could anybody help me on this?
Thanks in advance,
Antonio
I installed a tomcat7 server on a ubuntu 12.04 box. I simply used "apt-get install tomcat7". I did not install apache2. I can access the default page from localhost:8080, 127.0.0.1:8080, and 192.168.1.201:8080, where the latter is the IP address from my LAN. my end goal is to be able to access the web server from outside the LAN with port forwarding. For now, however, I can't even access it inside the LAN.
Problem:
I can't access the web page from any other computer (windows 7, iPad) on the same LAN! I
get the "connection has timed out" error from the browser.
Question: Can I run tomcat on it's own without installing Apache2 first? This is the current setup and I can access pages hosted on tomcat on the same server, but not over the LAN.
Other information:
I can ping the ubuntu computer from other machines
The ubuntu firewall is disabled (checked via the firewall GUI interface).
I also tried "sudo ufw disable"
I tried: "sudo service iptables stop" and got the message: "iptables: unrecognized service"
I also tried disabling the appArmor firewall:
sudo /etc/init.d/apparmor stop
sudo /etc/init.d/apparmor teardown
sudo update-rc.d -f apparmor remove
I set the router firewall policy to minimum: inbound: accept all; outbount: accept all.
All computers (including ubuntu server) are connected to LAN via wireless
The ubuntu server IP address is static, not DHCP
I checked the SELinux folder and it's empty. I removed it.
Thank you for your help,
Omar
EDIT:
I can connect from within the LAN using ssh (I installed OpenSSH on ubuntu).
ANSWER:
I found the solution to this problem. It turned out there was a firewall active that was blocking the port. The firewall is called "firestarter". Not sure how this was installed, but it can be downloaded from the ubuntu software center. The default inboud policy blocks all ports except for SSH (22). I opened port 8080 and everything worked just fine. The other firewalls (ufw and SELinux) were disabled.
Thank you all again for your help.
Omar
First of all make sure all of the IP addresses are topologically correct, then ping to the your apache server system, If all this succeeds your network is fine.
Now the question are you using the Ubuntu Server edition? if this is the case i believe you can setup apache out of the box.
In case of the Desktop edition you could install it using command line or just install something like XAMP from apache friends.
Make sure your apache Server is started
If you do not already have Apache installed, you can do so now by issuing the following commands:
sudo apt-get update
sudo apt-get install apache2
This is all that is necessary to have a working web server.
I think, "apt-get install tomcat7" doesnt works in Ubuntu. You have to manually download the TAR file & then you can install it with the scripts. Please check whether it is properly installed or not. it should show a Apache Tomcat Homepage # localhost:8080
Also if it is installed properly, check whether it is running on the port 8080, or any other port.
If everything is fine, then disable the firewall of the Server, where you have installed the Tomcat. check for the server IP.
Now from other machine, access that server using http://server_ip:port
This should work fine. No issues should be there.
The other thing, you have metioned in your question, UBUNTU BOX. May be this issue arises due to UBUNTU BOX. If possible, make a clean install of Ubuntu.
I have NRPE daemon process running under xinetd on amazon ec2 instance and nagios server on my local machine.
The check_nrpe -H [amazon public IP] gives this error:
CHECK_NRPE: Error - Could not complete SSL handshake.
Both Nrpe are same versions. Both are compiled with this option:
./configure --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/i386-linux-gnu/
"allowed host" entry contains my local IP address.
What could be the possible reason of this error now??
If you are running nrpe as a service, make sure you have this line in your nrpe.cfg on the client side:
# example 192. IP, yours will probably differ
allowed_hosts=127.0.0.1,192.168.1.100
You say that is done, however, if you are running nrpe under xinetd, make sure to edit the only_from directive in the file /etc/xinetd.d/nrpe.
Don't forget to restart the xinetd service:
service xinetd restart
To check if you have access to it at all attempt a simple telnet on the address:port, a ping or traceroute to see where it is blocking.
telnet IP port
ping IP
traceroute -p $port IP
Also check on the target server that the nrpe daemon is working properly.
netstat -at | grep nrpe
You also need to check the versions of OpenSSL installed on both servers, as I have seen this break checks on occasion with the SSL handshake!
check your /var/sys/system.log . In my case, it turned out my monitored IP was set to something else than the one I set in nrpe.cfg file. I don't know the cause of this change, though.
#jgritty was right.
you should edit nrpe.cfg and nrpe config files to allow your master nagios server's access:
vim /usr/local/nagios/etc/nrpe.cf
allowed_hosts=127.0.0.1,172.16.16.150
and
vim /etc/xinetd.d/nrpe
only_from= 127.0.0.1 172.16.16.150
That's somewhat of a catch-all error message for NRPE. Check your firewall rules and make sure that port is open. Also try disabling SELinux and seeing if that lets the connection through. It's likely not an SSL issue, but just an issue with the connection being refused.
It looks like you are running your Nagios server in a virtual machine on a host-only network. If this is so, this would stop any external access. Ensure that you have a NAT or Bridged Network available.
So many answers, none of them hit the reason why I ran into this issue.
It turns out that nagios has terrible cross-version support and this was caused by me having a version 2 "client" (machine being monitored) and a version 3 "server" (monitoring machine).
Once I upgraded the client to version 3, the problem went away and I could do a check_nrpe -H [client IP] without issues.
Note that I am not sure if client/server are the right terms with nagios, as in the case of an NRPE call, the server is really the machine being called, but I digress.
Make sure that you have restarted the Nagios Client Plugin as well.
I'm running nrpe using the xinetd service.
Make sure also (in addition to the above basic steps) that your nagios user is authenticating properly. In my case:
Jun 6 15:05:52 gse2 xinetd[33237]: **Unknown user: nagios**<br>[file=/etc/xinetd.d/nrpe] [line=9]
Jun 6 15:05:52 gse2 xinetd[33237]: Error parsing attribute user - DISABLING
SERVICE [file=/etc/xinetd.d/nrpe] [line=9]
Jun 6 15:05:52 gse2 xinetd[33237]: **Unknown group: nagios**<br>[file=/etc/xinetd.d/nrpe] [line=10]
Jun 6 15:05:52 gse2 xinetd[33237]: Error parsing attribute group - DISABLING
SERVICE [file=/etc/xinetd.d/nrpe] [line=10]
Jun 6 15:05:52 gse2 xinetd[33237]: Service nrpe missing attribute user - DISABLING
Was showing in the /var/log messages.
It escaped me at first, but then I did a check on ypbind service and found it was not started.
After starting ypbind, nagios user and group was authenticating properly, the error went away.
some edge cases restarting nagios-nrpe-server doesn't help, due to the fact that process was not killed or it was not properly restarted.
just kill it manually then, and start.
SSL handshake error msg.Beside the allow_host you should assign.
your nagios server is in a local lan with C type ip address such as 192.168.xxxx
when the target monitored server feedback the ssl msg to your local nagios server,the message should first comes to your public IP of your line,the message cannot across the public IP into your nagios server which ip is an internal one.
you need NAT to guide the SSL message from target server to inner nagios server.
Or you better use "GET" method which just get monitor message from the nagios client side,such as SNMP to fulfill the remote monitor of local resource of linux servers.
SSL need feedback in double direction.
Best Regards
For me setting the following in /etc/nagios/nrpe.cfg on Client worked:
dont_blame_nrpe=1
It's and ubuntu 16.04 machine.
For other possible problems, I recommend looking at nrpe logs. Here is good article for configuring logs.
If you are running Debian 9 then there is a known issue regarding this problem, caused by OpenSSL dropping support for the method NRPE uses to initiate anonymous SSL connections.
The issue seems to be fixed but the fix hasn't made it into the official packages, yet.
Currently there seems to be no secure work-around.
check configuration in /etc/xinetd.d/nrpe and verify the server IP. If it is showing only_from = 127.0.0.1 change it with Server IP .