Can't open port 8080 on Google Compute Engine running Debian - google-compute-engine

I am trying to run a simple Python http server that displays "hello world" on port 8080 using a micro instance. I also have 4 instances of Tornado running behind Nginx. Connecting to Nginx/Tornado on port 80 is not a problem.
I have added port 8080 to my firewall settings, and ensured port 8080 is open and listening on the server but no matter what I do, my connection is always refused. I have tried connecting using browsers, telnet and wget and every single connection is refused.
Here is the output of netstat -an | grep "LISTEN "
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8002 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8003 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::8000 :::* LISTEN
tcp6 0 0 :::8001 :::* LISTEN
tcp6 0 0 :::8002 :::* LISTEN
tcp6 0 0 :::8003 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
Here is my iptables list
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Here is the Python script I am using:
#!/usr/bin/python
from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer
PORT_NUMBER = 8080
#This class will handles any incoming request from
#the browser
class myHandler(BaseHTTPRequestHandler):
#Handler for the GET requests
def do_GET(self):
self.send_response(200)
self.send_header('Content-type','text/html')
self.end_headers()
# Send the html message
self.wfile.write("Hello World!")
return
try:
#Create a web server and define the handler to manage the
#incoming request
server = HTTPServer(('', PORT_NUMBER), myHandler)
print 'Started httpserver on port ' , PORT_NUMBER
#Wait forever for incoming htto requests
server.serve_forever()
except KeyboardInterrupt:
print '^C received, shutting down the web server'
server.socket.close()


Does your network have the corresponding firewall rule? Follow the next steps to create it.
Go to the Developers Console and click on the corresponding project.
Click on 'Compute'
Click on 'Networks'
Click on the name of the corresponding network. You can see in which network is your instance clicking on 'VM instances' under the 'Compute Engine' section or with the command:
gcloud compute instances describe <instance> | grep "network:" | awk -F/ '{print $(NF)}'
Under the Firewall rules section, click 'Create new'
Enter a name for the firewall rule and in the field 'Protocols & ports' type: tcp:8080
Save the rule
After that, you should be able to access your HTTP server.
Otherwise you can try to see if your machine receives the SYN TCP packets in that port with the command: sudo tcpdump -i eth0 port 8080
Hope it helps


In GCE Web Console > Networks > Firewall rules > edit your RULE, remove TARGET TAGS and apply.
GL


probably somethings goes wrong when You've created the network rule. When a network rule is described and related MetaTag is created, assure that the VMs instances contain the same MetaTag, so the wanted traffic will be redirected to the machine.


Still not sure what went wrong, but I deleted my instance and network then created new ones. The new instance and network seem to be working fine, so I can only assume something went wrong when playing around with the old network as the new one doesn't seem to have the same problem.


make sure to add the right port.
the answer above states "tcp:80" , but this will not work if your server is running on another port.
thats probably the reason why it is not working for others


In GCE Web Console, goto Networks > Firewall rules > create firewall rule,
then
input a name for the new rule
choose "all instance in the network" for targets
put 0.0.0.0/0 in source IPv4 ranges
checkbox TCP and input 8080 as port
and save

Related

OKD 4.5 single node installation

I'm trying to build an OKD 4.5 single node cluster following Craig Robinson blog post (at https://medium.com/swlh/guide-okd-4-5-single-node-cluster-832693cb752b). I faced with this issue first on bootstrap node, but after deleting and recreating the whole process again, it booted up successfully. But the same issue happened again while preparing control plane master node. After initial coreos download (which proves webserver is working fine), I get this recurring GET error message over and over again:
ignition[xxx]: GET error: Get "https://api-int.lab.okd.local:22623/config/master": EOF
And this is my control plane node config:
ip=10.106.31.233::10.106.31.1:255.255.255.0:::none nameserver=10.106.31.231 coreos.inst.install_dev=/dev/sda coreos.inst.image_url=http://10.106.31.231:8080/okd4/ fcos.raw.xz coreos.inst.ignition_url=http://10.106.31.231:8080/okd4/master.ign
IPs are:
okd-services: 10.106.31.231 ;
bootstrap: 10.106.31.232 ;
control-plane: 10.106.31.233
I can reach the http://10.106.31.231:8080/okd4 address from remote pc and list the contents including master.ign file. Also pinging "api-int.lab.okd.local" is successful too. firewalld open ports on okd-services node are:
[root#okd4-services ~]# ss -ltu
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 0.0.0.0:hostmon 0.0.0.0:*
udp UNCONN 0 0 10.106.31.231:domain 0.0.0.0:*
udp UNCONN 0 0 127.0.0.1:domain 0.0.0.0:*
udp UNCONN 0 0 127.0.0.53%lo:domain 0.0.0.0:*
udp UNCONN 0 0 [::]:hostmon [::]:*
udp UNCONN 0 0 [::]:domain [::]:*
tcp LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.1:rndc 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:https 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:22623 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:cslistener 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:sun-sr-https 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:hostmon 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:http 0.0.0.0:*
tcp LISTEN 0 10 10.106.31.231:domain 0.0.0.0:*
tcp LISTEN 0 10 127.0.0.1:domain 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.53%lo:domain 0.0.0.0:*
tcp LISTEN 0 128 [::]:ssh [::]:*
tcp LISTEN 0 4096 [::1]:rndc [::]:*
tcp LISTEN 0 4096 [::]:hostmon [::]:*
tcp LISTEN 0 511 *:webcache *:*
tcp LISTEN 0 10 [::]:domain [::]:*
the output of the dig test on okd-services node is:
[root#okd4-services ~]# dig -x 10.106.31.231
; <<>> DiG 9.11.25-RedHat-9.11.25-2.fc33 <<>> -x 10.106.31.231
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60620
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;231.31.106.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
231.31.106.10.in-addr.arpa. 604800 IN PTR api-int.lab.okd.local.
231.31.106.10.in-addr.arpa. 604800 IN PTR api.lab.okd.local.
231.31.106.10.in-addr.arpa. 604800 IN PTR okd4-services.okd.local.
;; SERVER: 127.0.0.53#53(127.0.0.53)
I deleted and recreated the control plane to see if it solved the issue, but was not successful. Any idea what this issue means?

I had exact the same issue with this article. The problem was with bootstrap node that cannot finish initialization process. First of all initialize bootstrap node and sure that the process was finished. The simplest way to check what's going on with a node:
Connect to a node with ssh core#<NODE'S-IP> from the machine where you generate ssh-certificate
ssh will provide you useful information:
This is the bootstrap node; it will be destroyed when the master is
fully up.
The primary services are release-image.service followed by
bootkube.service. To watch their status, run e.g.
journalctl -b -f -u release-image.service -u bootkube.service This
is the bootstrap node; it will be destroyed when the master is fully
up.
The primary services are release-image.service followed by
bootkube.service. To watch their status, run e.g.
journalctl -b -f -u release-image.service -u bootkube.service Fedora
CoreOS 32.20200629.3.0 Tracker:
https://github.com/coreos/fedora-coreos-tracker Discuss:
https://discussion.fedoraproject.org/c/server/coreos/
First of all you have to check journalctl -b -f -u release-image.service -u bootkube.service because it's main units. However, there're might be other issues so check failed/not finished systemd's service units with systemctl list-units --type=service and journalctl -f -u <UNIT-NAME> to follow the process
Whole process will spend some time (~20-40 mins in my case) and there're might be some timeouts in journal's logs so just wait the final status of the unit.
Only then you can start initializing of control-plane node
Finally, my issue was in wrong fedora-core-os version because you can use 32 version only. For me it's installed okay with:
fedora-coreos-32.20201104.3.0-metal.x86_64.raw.xz
fedora-coreos-32.20201104.3.0-metal.x86_64.raw.xz.sig
fedora-coreos-32.20201104.3.0-live.x86_64.iso
openshift-client-linux-4.5.0-0.okd-2020-10-15-235428.tar.gz
openshift-install-linux-4.5.0-0.okd-2020-10-15-235428.tar.gz

How do I stop an existing open shift Port Forward

With oc, I can portward a pod in open shift to get local access.
oc get pods
oc port-forward MY-POD-NAME 5555:5555
How do I stop it after I start it?
I've searched through
oc port-forward --help
I don't see a way to get a list of all "port-forwards" to try and get a unique name.
Error message when I try to start listening (note, my pod-name is different after redeployment)
Unable to listen on port 5555: All listeners failed to create with the
following errors: Unable to create listener: Error listen tcp4
127.0.0.1:5555: bind: address already in use, Unable to create listener: Error listen tcp6: address [[::1]]:5555: missing port in
address error: Unable to listen on any of the requested ports: [{5555
5555}]
URLs I have fished:
https://docs.openshift.com/enterprise/3.0/dev_guide/port_forwarding.html
https://docs.openshift.com/enterprise/3.0/cli_reference/basic_cli_operations.html

You should be able to stop oc port-forward by using Ctrl-C (confirmed here).
If the port is still stuck open, then you can use sudo netstat -lnp to find the PID keeping it open. For example:
$ sudo netstat -lnp | grep 5555
tcp 0 0 127.0.0.1:5555 0.0.0.0:* LISTEN 302867/oc
tcp6 0 0 ::1:5555 :::* LISTEN 302867/oc
Once you have the PID (which is the number here : 302867/oc), you can use sudo kill -9 <PID> to end the process, and that should free up that port.

Ejabberd does not work on MAC with [Failed to open socket at [::]:5222]

I am facing errors at the first cup of Ejabberd.
On my Mac(10.13.6) I installed "ejabberd-18.12.1-osx.app" and I have followed all instruction written in official website. (https://docs.ejabberd.im/admin/installation/#install-on-macos)
After installation was completed I noticed nothing significant and found error logs were generated as below.
2019-01-16 10:02:03.936 [error] <0.316.0>#ejabberd_listener:report_socket_error:417 Failed to open socket at [::]:5222 for ejabberd_c2s: address already in use
2019-01-16 10:02:03.937 [error] <0.315.0> Supervisor ejabberd_listener had child {5222,{0,0,0,0,0,0,0,0},tcp} started with ejabberd_listener:start({5222,{0,0,0,0,0,0,0,0},tcp}, ejabberd_c2s, [{ip,{0,0,0,0,0,0,0,0}},{max_stanza_size,262144},{shaper,c2s_shaper},{access,c2s},{starttls_required,...}]) at undefined exit with reason eaddrinuse in context start_error
2019-01-16 10:02:03.937 [error] <0.274.0> Supervisor ejabberd_sup had child ejabberd_listener started with ejabberd_listener:start_link() at undefined exit with reason {shutdown,{failed_to_start_child,{5222,{0,0,0,0,0,0,0,0},tcp},eaddrinuse}} in context start_error
2019-01-16 10:02:03.942 [critical] <0.81.0>#ejabberd_app:start:66 Failed to start ejabberd application: {error,{shutdown,{failed_to_start_child,ejabberd_listener,{shutdown,{failed_to_start_child,{5222,{0,0,0,0,0,0,0,0},tcp},eaddrinuse}}}}}
I exactly understand what "address already in use" means but netstat does not show any possession on this port. Also I never changed any of the server configuration. I tried to start server manually but same errors repeats.
Does this version of Ejabberd have bugs on Mac installation?
Many thanks in advance.

When ejabberd starts, it uses several ports (some for XMPP, others for additional ejabberd features, others for Erlang). Notice that some ports may be in IPv6:
tcp 0 0 0.0.0.0:42859 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:4560 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:epmd 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5280 0.0.0.0:* LISTEN
tcp6 0 0 [::]:epmd [::]:* LISTEN
tcp6 0 0 [::]:xmpp-client [::]:* LISTEN
tcp6 0 0 [::]:xmpp-server [::]:* LISTEN
Maybe you have other previous ejabberd installation around there messing? Or other XMPP server?

Bootnode public address

I am trying to deploy an small private Ethereum network using geth. I have a server running geth configured as a miner in my local network. In the other side I have a droplet in DigitalOcean that I want to use as a bootnode to connect future nodes to my network.
I have executed the following commands in my DigitalOcean Droplet:
bootnode --genkey=boot.key
bootnode --nodekey=boot.key --addr:$(MY_PUBLICIP):30301
And I get the following output from the command instead of my public key that I need to introduce as my enode reference in the future nodes:
INFO [10-29|18:13:32.851] New local node record seq=1 id=785b198c28c625f8 ip=<nil> udp=0 tcp=0
Could please somebody tell how to interpret the output from the bootnode command?
I introduced a netstat command in order to find out whether or not the program is opening a port.
ether#ubuntu-s-1vcpu-2gb-ams3-01:~$ netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
udp 6912 0 localhost:domain 0.0.0.0:*
udp 0 0 ubuntu-s-1vcpu-2g:30301 0.0.0.0:*
raw6 0 0 [::]:ipv6-icmp [::]:* 7
raw6 0 0 [::]:ipv6-icmp [::]:* 7
I'm using a standard Ubuntu 18.04 configuration of the basic droplet DigitalOcean, I would like to know if I should configure something else besides the usual compilation of the geth code in order to make a bootnode work.
Thanks any help is welcomed.

Zabbix-proxy on the same server that Zabbix-server

I installed a zabbix-server and a zabbix-proxy on the same server, a debian 7.6
But I can't run zabbix-proxy on a passive mode, here is the issue :
listener failed: zbx_tcp_listen() fatal error: unable to serve on any address [[-]:10051]
Here is my netstat
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 2142/zabbix_agentd
tcp 0 0 0.0.0.0:10051 0.0.0.0:* LISTEN 55825/zabbix_server
Because my zabbix-proxy need to be on a passive mode, I can not change his port. Any way to force this changing or any fix to handle this case ?
Cheers,

Reconfigure ListenPort of Zabbix server and then just use that new Zabbix server port in other settings (agents, proxies, senders, ...).
Doc: https://www.zabbix.com/documentation/3.2/manual/appendix/config/zabbix_server