Remote setup of LAMP server on CentOS 5

satimis · 01-29-2008, 04:36 AM

Quote:

Originally Posted by JT_DeLaHoya

This sounds like it is something else. As you can not access the CentOS from Ubuntu even if they physically reside on the same machine it does not have anything to do with your ISP.

Is the firewall turned on on your CentOS? If it is, please turn it off during testing or let through TCP 80 & 443 for http/https access.

Is the apache listening on 80 and 443? Confirm this using:
netstat -an | grep 80
and
netstat -an | grep 443

If it isn't listening. Try restarting/starting apache

/etc/init.d/httpd restart

If you still have no luck....

All steps below performed on Ubuntu. Iptables is running.

I found both

/etc/init.d/apache2

and

/etc/init.d/httpd.vmware

on Ubuntu

Prevously I ran "/etc/init.d/apache2 stop" to test the "Apache Test Page" on CentOS.

So I run;

$ sudo /etc/init.d/apache2 start

Code:

 * Starting web server (apache2)...         [ OK ]

$ netstat -an | grep 80

Code:

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     
unix  2      [ ACC ]     STREAM     LISTENING     16280    private/trace
unix  2      [ ]         DGRAM                    8000     @/org/kernel/udev/udevd
unix  2      [ ACC ]     STREAM     LISTENING     18083    /var/run/vmware/root/5441/testAutomation-fd
unix  2      [ ACC ]     STREAM     LISTENING     18085    /var/run/vmware/root/5441/servercontrol-fd
unix  2      [ ACC ]     STREAM     LISTENING     18087    /var/run/vmware/root/5441/control-fd
unix  2      [ ACC ]     STREAM     LISTENING     18089    /var/run/vmware/root/5441/ui-fd
unix  2      [ ACC ]     STREAM     LISTENING     18093    /var/run/vmware/root/5441/mks-fd
unix  3      [ ]         STREAM     CONNECTED     18002    
unix  3      [ ]         STREAM     CONNECTED     18001    
unix  3      [ ]         STREAM     CONNECTED     14380

$ netstat -an | grep 443

Code:

tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN

Then I ran;

$ sudo /etc/init.d/httpd.vmware restart

Code:

   Shutting down http.vmware: -ne                                     failed

Shutting down http.vmware
   Starting httpd.vmware:-ne                                          failed

Starting httpd.vmware:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
        LANGUAGE = (unset),
        LC_ALL = (unset),
        LANG = "en_HK.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

Edit: /etc/init.d/httpd.vmware
adding following line;

Code:

export LC_ALL=C ; export LANG=C

on top of the file.

$ sudo /etc/init.d/httpd.vmware start

Code:

   Starting httpd.vmware:                                              done

What is this script for???

$ netstat -an | grep 443

Code:

tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN

$ netstat -an | grep 80

Code:

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     
unix  2      [ ACC ]     STREAM     LISTENING     16280    private/trace
unix  2      [ ]         DGRAM                    8000     @/org/kernel/udev/udevd
unix  2      [ ACC ]     STREAM     LISTENING     18083    /var/run/vmware/root/5441/testAutomation-fd
unix  2      [ ACC ]     STREAM     LISTENING     18085    /var/run/vmware/root/5441/servercontrol-fd
unix  2      [ ACC ]     STREAM     LISTENING     18087    /var/run/vmware/root/5441/control-fd
unix  2      [ ACC ]     STREAM     LISTENING     18089    /var/run/vmware/root/5441/ui-fd
unix  2      [ ACC ]     STREAM     LISTENING     18093    /var/run/vmware/root/5441/mks-fd
unix  3      [ ]         STREAM     CONNECTED     18002    
unix  3      [ ]         STREAM     CONNECTED     18001    
unix  3      [ ]         STREAM     CONNECTED     14380

$ netstat -an | grep 8080
No printout

port 8080 has been forwarded to 192.168.0.20 CentOS ip addr

Quote:

Confirm that you see something like Listen 80 and Listen 443 in your /etc/httpd/conf/httpd.conf

$ sudo find / -name httpd.conf

Code:

Password:
/usr/lib/vmware-mui/apache/conf/httpd.conf
/usr/lib/vmware-mui/src/apache/conf/httpd.conf
/usr/local/src/vmware-mui-distrib-1.0.4-56528/mui/apache/conf/httpd.conf
/usr/local/src/vmware-mui-distrib-1.0.4-56528/mui/src/apache/conf/httpd.conf
/home/satimis/httpd.conf
/etc/apache2/httpd.conf

Code:

#Listen 12.34.56.78:80
   <VirtualHost _default_:8222 _default_:80>
      # redirect port 8222 to 80
      # redirect port 80 to 443
#NameVirtualHost 12.34.56.78:80
      Listen 80
      # redirect port 8333 to 80
      # redirect port 433 to 80

$ cat /usr/lib/vmware-mui/src/apache/conf/httpd.conf | grep 80

Code:

#Listen 12.34.56.78:80
   <VirtualHost _default_:8222 _default_:80>
      # redirect port 8222 to 80
      # redirect port 80 to 443
#NameVirtualHost 12.34.56.78:80
      Listen 80
      # redirect port 8333 to 80
      # redirect port 433 to 80

$ cat /usr/local/src/vmware-mui-distrib-1.0.4-56528/mui/apache/conf/httpd.conf | grep 80

Code:

#Listen 12.34.56.78:80
   <VirtualHost _default_:8222 _default_:80>
      # redirect port 8222 to 80
      # redirect port 80 to 443
#NameVirtualHost 12.34.56.78:80
      Listen 80
      # redirect port 8333 to 80
      # redirect port 433 to 80

$ cat [code]/usr/local/src/vmware-mui-distrib-1.0.4-56528/mui/src/apache/conf/httpd.conf | grep 80

Code:

#Listen 12.34.56.78:80
   <VirtualHost _default_:8222 _default_:80>
      # redirect port 8222 to 80
      # redirect port 80 to 443
#NameVirtualHost 12.34.56.78:80
      Listen 80
      # redirect port 8333 to 80
      # redirect port 433 to 80

Quote:

the 443 might also have been configured in your ssl.conf.

$ locate ssl.conf

Code:

locate: warning: database `/var/cache/locate/locatedb' is more than 8 days old
/etc/apache2/mods-available/ssl.conf
/etc/apache2/mods-enabled/ssl.conf
/usr/share/doc/apache2.2-common/examples/apache2/extra/httpd-ssl.conf.gz
/usr/share/doc/apache2.2-common/examples/apache2/original/extra/httpd-ssl.conf.gz
/var/lib/dpkg/info/courier-imap-ssl.conffiles
/var/lib/dpkg/info/courier-pop-ssl.conffiles
/var/lib/dpkg/info/courier-ssl.config
/var/lib/dpkg/info/openssl.conffiles

$ cat /etc/apache2/mods-available/ssl.conf | grep 443
$ cat /etc/apache2/mods-enabled/ssl.conf | grep 443
both w/o printout

satimis

satimis · 01-29-2008, 08:20 AM

Quote:

Originally Posted by JT_DeLaHoya

Are you able to https or http to 192.168.0.20 from your ubuntu machine? If this works, I recommend that you try the connection from 'out side' your internal network as you probably have routing issues.

Hi T_DeLaHoya

Correction:-

Now I can run;

either
http://192.168.0.20 (CentOS IP addr)

or
https://192.168.0.20

on Ubuntu OR another PC on the network to display "Apache2 Test Page powered by CentOS".

But on another network (tried proxydom.com), none of;

http://public_ip:8080
https://public_ip:8080

can visit "Apache 2 Test Page"

Edit:

On proxydom.com

https://public_IP (displays Apache default page of Ubuntu)
https://public_IP:80 (nothing found)
https://public_IP:443 (displays Apache default page of Ubuntu)
https://public_IP:8080 (nothing found)

http://public_IP (displays Apache default page of Ubuntu)
http://public_IP:80 (displays Apache default page of Ubuntu)
https://public_IP:443 (directed to "http://proxydom.com/proxy.php?q=http%3A%2F%2Fsatimis.com%3A443&hl=222" with nothing displayed)
https://public_IP:8080 (nothing found)

satimis

dguitar · 01-29-2008, 11:14 AM

Quote:

Originally Posted by satimis

http://public_IP (displays Apache default page of Ubuntu)
http://public_IP:80 (displays Apache default page of Ubuntu)

If this is displaying the Ubuntu homepage, then you have (or ur ISP ) has setup port forwarding to the wrong Internal IP address.

Just want to point something else out to you - if you are running VMWare and you want ur Virtual Machine to be a web server, the Physical host does NOT need to be running those services. They are in no way related. Nor do you need to have those Ports open on the PHYSICAL host. Really all you need running is VMWare (IE: not SMTP/POP, WWW etc).

Summary - Apache and Sendmail should not be running on your Ubuntu - nor should port 80/443/8080 be open.

Code:

netstat -an | grep 443

This is checking to see if your machine is Listening on port 443 (which is the https port).

satimis · 01-29-2008, 08:44 PM

Hi dguitar,

Thanks for your advice.

This is my 1st time going virtualization. It is a test only NOT for production.

Quote:

If this is displaying the Ubuntu homepage, then you have (or ur ISP ) has setup port forwarding to the wrong Internal IP address.

I called ISP to double check my request "port 8080 to be forwarded to 192.168.0.20". They confirmed my request. Is there any way to check it here?

On Ubuntu
=========

$ netstat -an | grep 8080
No printout.

Does it mean port 8080 already forwarded? If YES how to check it has been forwarded to the correct internal IP on the router?

$ netstat -an | grep 80

Code:

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     
unix  2      [ ]         DGRAM                    8000     @/com/ubuntu/upstart
unix  3      [ ]         STREAM     CONNECTED     18180

$ netstat -an | grep 443

Code:

tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN

Ports 80 and 443 are open. Which file I have to edit to disable them running? OR is there any way to stop them running temporarily? Thanks.

Quote:

Just want to point something else out to you - if you are running VMWare and you want ur Virtual Machine to be a web server, the Physical host does NOT need to be running those services. They are in no way related. Nor do you need to have those Ports open on the PHYSICAL host. Really all you need running is VMWare (IE: not SMTP/POP, WWW etc).

Noted and thanks. On this test I'm trying to make Ubuntu as Mail Server and CentOS as Web Server.

Quote:

Summary - Apache and Sendmail should not be running on your Ubuntu - nor should port 80/443/8080 be open.

Code:

netstat -an | grep 443

This is checking to see if your machine is Listening on port 443 (which is the https port).

On Ubuntu;

Ports 80 and 443 are open. Please see above. I stop /etc/init.d/apache2 running, leaving /etc/init.d/httpd.vmware running. I'm not much clear of the function of "httpd.vmware"? On CentOS /etc/init.d/httpd is running;

# /etc/init.d/httpd status

Code:

httpd (pid 2659 2658 2657 2656 2655 2654 2653 2652 2650) is running..

I made further check on CentOS of ports 80, 443, 8080 as follows;

satimis@mail:~$ ssh 192.168.0.20

Code:

satimis@192.168.0.20's password: 
Last login: Mon Jan 28 16:20:40 2008

(ssh connect CentOS)

[satimis@centos ~]$ su -
Password:
[root@centos ~]# netstat -an | grep 8080
No printout. Port 8080 is not listening ???

[root@centos ~]# netstat -an | grep 443
tcp 0 0 :::443 :::* LISTEN
Is port 443 listening OR NOT? "0 :::443" only one "0" there ?

[root@centos ~]# netstat -an | grep 80

Code:

tcp        0      0 :::80                       :::*                        LISTEN      
unix  2      [ ]         DGRAM                    6806   
unix  2      [ ]         DGRAM                    6480

Also one (1) "0" there.

Edit-1:

1)

Made futher test on Ubuntu as follows
=====================================

https://public_ip (display Apache default page of Ubuntu)
https://public_ip:80
(Alert popup - public_ip has sent an incorrect or unexpected message: Error Code:-12263 [OK].
pressing [OK] displays Apache default pape of Ubuntu)

https://public_ip:8080 (Unable to connect)
https://public_ip:443 (display Apache default page of Ubuntu)

http://public_ip (display Apache default page of Ubuntu)
http://public_ip:80 (display Apache default page of Ubuntu, w/o Alert popup)
http://public_ip:8080 (Unable to connect)
http://public_ip:443

Code:

(Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Hint: https://mail.satimis.com/ )

2)
Called ISP again confirming port 8080 forwarded to 192.168.0.20 (CentOS IP addrs). ISP can't connect CentOS on 192.168.0.20 , connection refused. They asked me whether I need to have following 2 features enalbled;

- port triggering
- UPNP
???

I have no idea what are they for? Advice would be appreciated. TIA

3)
I can request ISP to have all 3 www ports 80, 443, 8080 forwarded to 192.168.0.20 (CentOS IP addr). In such arrangement Ubuntu will have no www ports. I won't run Ubuntu, the Mail Server, as a web server on this test. However I have Webmin and Usermin running on Ubuntu. They need web to connect. Will there be any problem? Thanks

Edit-2

ISP made following setting;

a)
Forward ports 80, 443 and 8080 all to CentOS, 192.168.0.20

Apache default page of CentOS can be visited with http://public_ip

But SquirrelMail, the Webmail, on Ubuntu can't work. It requires web. Any solution suggested? TIA

b)
Set DMZ on 192.168.0.20

Apache default page of CentOS can be visited with http://public_ip
But all other ports on Ubuntu won't work.

B.R.
satimis

satimis · 01-31-2008, 11:42 PM

Hi dguitar and folks,

Problem solved, not necessary to have all www ports, 80, 443 and 8080 forwarded to CentOS IP addr, 192.168.0.20. Either one of them can work. The trick is to add "Listen 8080" (any forwarded port) on;

/etc/httpd/conf/httpd.conf (CentOS)

# /etc/init.d/httpd restart (restart Apache2)

Now I can visit the "Apache2 Test Page powered by CentOS" on browser world-wide.

satimis