Can't change lighttpd's port for HaProxy reverse proxy Topic is solved

[Rilic]

Hey,

I'm trying to set up a reverse proxy so that each service/port has its own subdomain. So as an example, gitea would be git.example.com, a Matrix synapse server would be matrix.example.com and my main website would be just example.com with no subdomain.

I'm using this guide: https://developweekly.com/docs/haproxy- ... direction/

However, I've encountered a problem. HaProxy needs to be the service pointed at port 80, which is handled currently by lighttpd. However, I cant change lighttpd's port from 80 to something else. I tried setting it in /etc/lighttpd/lighttpd.conf, using server.port = 8080, but for some reason it still uses port 80.

Is there any way I can fix this? Some tips on this reverse proxy setup would be nice, too!

[Joulinar]

Hi,

many thanks for your request. I did a test on my RPi3B+ and changing server port within /etc/lighttpd/lighttpd.conf is working quite well

Code: Select all

root@DietPi3:/etc/lighttpd# cat /etc/lighttpd/lighttpd.conf | grep server.port
server.port                 = 8080

LISTEN port is 8080 now

Code: Select all

root@DietPi3:/etc/lighttpd# lsof -i -P -n | grep LISTEN
dropbear 474     root    3u  IPv4  10923      0t0  TCP *:22 (LISTEN)
dropbear 474     root    4u  IPv6  10924      0t0  TCP *:22 (LISTEN)
lighttpd 697 www-data    4u  IPv4  14511      0t0  TCP *:8080 (LISTEN)
lighttpd 697 www-data    5u  IPv6  14512      0t0  TCP *:8080 (LISTEN)

Did you restart lighttpd service after changing the port?

Code: Select all

systemctl restart lighttpd.service

[Rilic]

Alright, so I'm dumb. Turns out it is changing the port and it is saying that it is being used as the LISTEN port using the command you did. However, the webserver is still accessible from port 80 and is not accessible from port 8080. Is there something in lighttpd's configs controlling this that I don't know about?

I'm new to both HAProxy and lighttpd, so it really might just be me being dumb.

[Joulinar]

can you past output of lsof -i -P -n | grep LISTEN pls

[Rilic]

Code: Select all

root@dietpi:~# lsof -i -P -n | grep LISTEN
pihole-FT  350      pihole    5u  IPv4  11603      0t0  TCP *:53 (LISTEN)
pihole-FT  350      pihole    7u  IPv6  11605      0t0  TCP *:53 (LISTEN)
pihole-FT  350      pihole   10u  IPv4  11609      0t0  TCP 127.0.0.1:4711 (LISTEN)
pihole-FT  350      pihole   11u  IPv6  11611      0t0  TCP [::1]:4711 (LISTEN)
cloudflar  439 cloudflared    3u  IPv4  12640      0t0  TCP 127.0.0.1:33167 (LISTEN)
cloudflar  439 cloudflared    6u  IPv4  12649      0t0  TCP 127.0.0.1:5053 (LISTEN)
sshd       550        root    3u  IPv4  12744      0t0  TCP *:22 (LISTEN)
sshd       550        root    4u  IPv6  12746      0t0  TCP *:22 (LISTEN)
redis-ser  577       redis    7u  IPv4  12775      0t0  TCP 127.0.0.1:6379 (LISTEN)
redis-ser  577       redis    8u  IPv6  12776      0t0  TCP [::1]:6379 (LISTEN)
mysqld     644       mysql   19u  IPv4  12985      0t0  TCP 127.0.0.1:3306 (LISTEN)
gitea      725      dietpi   18u  IPv6  17484      0t0  TCP *:3000 (LISTEN)
Cuberite   749    cuberite   24u  IPv6  15670      0t0  TCP *:25565 (LISTEN)
Cuberite   749    cuberite   25u  IPv6  15671      0t0  TCP *:1339 (LISTEN)
lighttpd  5803    www-data    4u  IPv4  74810      0t0  TCP *:8080 (LISTEN)
lighttpd  5803    www-data    5u  IPv6  74811      0t0  TCP *:8080 (LISTEN)
lighttpd  5803    www-data    6u  IPv4  74812      0t0  TCP *:443 (LISTEN)

[Joulinar]

pls make sure you are using HTTP and not HTTPS. As far as I can see lighttpd is still running on port 443.

Code: Select all

http://<your-ip>:8080

But I guess you need to change lighttpd port 443 anyway if you like to use HaPoxy + SSL.

[Rilic]

I cannot access the server using <ip>:8080, nor <ip>:443. Only <ip>:80 works, which should be impossible as it isn't being used...

Port 443 gives me a "connection reset" error, while 8080 just times out without a response. Port 80 is still working fine...

[Joulinar]

did you have done a full reboot of your system?

[Rilic]

I have now done a full reboot with the port change saved in lighttpd.conf, but it still seems to be using port 80 and is still accessible from the internet. I'm not forwarding port 8080, either.

[Joulinar]

do you have HaProxy already installed? What about access from local notwork (let's not focus on internet access)?