Can't change lighttpd's port for HaProxy reverse proxy Topic is solved

[Rilic]

HaProxy is installed, but isn't running. dietpi-services says it has failed, probably because I haven't fully set up the configuration yet. Here is its log:

Code: Select all

● haproxy.service - HAProxy Load Balancer 
│    Loaded: loaded (/etc/systemd/system/haproxy.service; disabled; vendor preset: enabled)
│    Active: failed (Result: exit-code) since Mon 2020-06-08 09:05:49 BST; 4h 27min ago
│   Process: 648 ExecStartPre=/usr/local/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS (code=exited, status=203/EXEC)
│                                                                                                                      │
│ Jun 08 09:05:49 Ouroboros systemd[1]: haproxy.service: Service RestartSec=100ms expired, scheduling restart. 
│ Jun 08 09:05:49 Ouroboros systemd[1]: haproxy.service: Scheduled restart job, restart counter is at 5. 
│ Jun 08 09:05:49 Ouroboros systemd[1]: Stopped HAProxy Load Balancer.
│ Jun 08 09:05:49 Ouroboros systemd[1]: haproxy.service: Start request repeated too quickly.
│ Jun 08 09:05:49 Ouroboros systemd[1]: haproxy.service: Failed with result 'exit-code'.
│ Jun 08 09:05:49 Ouroboros systemd[1]: Failed to start HAProxy Load Balancer.

I also cannot access my website using the internal IP and port 8080, so it really is just accessible through port 80...

[Joulinar]

can you remove HaProxy and deactivate port 443 on lighttpd. than restart everything

[Rilic]

I have now uininstalled HaProxy and disabled port 443. Port 80 is still apparently being used!

Here's the output of lsof -i -P -n | grep LISTEN:

Code: Select all

pihole-FT 351      pihole    5u  IPv4  12341      0t0  TCP *:53 (LISTEN)
pihole-FT 351      pihole    7u  IPv6  12343      0t0  TCP *:53 (LISTEN)
pihole-FT 351      pihole   10u  IPv4  11292      0t0  TCP 127.0.0.1:4711 (LISTEN)
pihole-FT 351      pihole   11u  IPv6  11294      0t0  TCP [::1]:4711 (LISTEN)
cloudflar 436 cloudflared    3u  IPv4  13642      0t0  TCP 127.0.0.1:45997 (LISTEN)
cloudflar 436 cloudflared    6u  IPv4  12886      0t0  TCP 127.0.0.1:5053 (LISTEN)
sshd      571        root    3u  IPv4  12975      0t0  TCP *:22 (LISTEN)
sshd      571        root    4u  IPv6  12977      0t0  TCP *:22 (LISTEN)
redis-ser 595       redis    7u  IPv4  13723      0t0  TCP 127.0.0.1:6379 (LISTEN)
redis-ser 595       redis    8u  IPv6  13724      0t0  TCP [::1]:6379 (LISTEN)
mysqld    660       mysql   21u  IPv4  13054      0t0  TCP 127.0.0.1:3306 (LISTEN)
lighttpd  727    www-data    4u  IPv4  13223      0t0  TCP *:8080 (LISTEN)
lighttpd  727    www-data    5u  IPv6  13224      0t0  TCP *:8080 (LISTEN)
gitea     731      dietpi    5u  IPv6  15796      0t0  TCP *:3000 (LISTEN)
Cuberite  736    cuberite   24u  IPv6  14150      0t0  TCP *:25565 (LISTEN)
Cuberite  736    cuberite   25u  IPv6  14151      0t0  TCP *:1339 (LISTEN)

I'm at a loss.

[Joulinar]

well me2. Can you stop service by service to have lighttpd running only

[Rilic]

Yeah, that seems to change nothing. Do you think there is an additional config file in /etc/lighttpd/config-enabled causing this, or something that I set up during the dietpi installation?

[Joulinar]

doesn't matter how much config files you have, there is no LISTEN port 80. Means you should not be able to reach anything at all on port 80. Can you try to clear cache on your browser

[Rilic]

I cleared my browser cache and now something weirder is happening. It seems to accept a connection on port 80 via HTTP, which then redirects to HTTPS because of an option I checked during install., where it is "unable to connect" because port 443 is no longer open.

I changed the port to 8035, just in case it was the fact that 8080 was overlapping with 80 or something, but that didn't have any effect...

[Rilic]

Extra: I tried on local IPs again, looks like it just rejects the connection on port 80 while my new port just times out. Weird.

EDIT: Alright, we're getting somewhere! It looks like the new port is working, but the connection is timing out.

[Joulinar]

ahh yeah you redirect http to https. pls can you have a look into /etc/lighttpd/conf-enabled. There you should have 2 files.

Code: Select all

-rw-r--r-- 1 root root 1735 Jun  8 21:12 letsencrypt.conf
-rw-r--r-- 1 root root  223 Jun  8 21:12 redirect.conf

pls remove them and restart your webserver

[Rilic]

Removing the files and rebooting did nothing to change anything... There are other symlinks in there but I don't want to touch them:

Code: Select all

root@Ouroboros:~# ls /etc/lighttpd/conf-enabled
10-fastcgi.conf  15-fastcgi-php.conf          99-dietpi-nextcloud.conf                  99-dietpi-pihole.conf
10-rewrite.conf  99-dietpi-dav_redirect.conf  99-dietpi-pihole-block_public_admin.conf  99-unconfigured.conf

EDIT: It's working! Firefox was screwing with me with dodgy cache.

Now then, how should I go about adding SSL to the webserver from HaProxy? I'd prefer it to be compatible with the guide I linked at the start of thread. Is there a way I could possibly use a wildcard certificate with certbot?