Can only connect to my apache Centos server on port 22. Can SSH but no browser. Runs DirectAdmin

Question

I have a remote apache server set up running Centos7.1 but I usually use DirectAdmin on port 2222 to manage it. This problem first came about after my SSL certificate expired. I tried to get on and update the certificates. I had some issues connecting to port 22 and 2222 due to my firewall blocking me as my ISP had changed my IP address. At some point I did a reboot of the server and I think that's when access to 80 and 443 was lost for everyone. But I hadn't made any changes to the settings on the server as far as i can tell. I have tried turning off my firewall completely to remove any potential firewall issues blocking me.

I have 3 ip addresses on the server with 2 accounts and several different websites. Usually I can log on to port 2222 to manage the server but that port is unreachable as well as the usual port 80 and 443 to show the webpages. I've tested by running port scan on my mac. Only SSH port 22 is reachable. Only this server is having the issue, I can connect to other servers and websites.

So far i have tested the following.

systemctl status httpd - has some warnings but not critical had them prior to problem

[root@svr ssh]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/etc/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-04-13 02:50:04 CEST; 24h ago
  Process: 9675 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
 Main PID: 1454 (httpd)
   Status: "Total requests: 1; Idle/Busy workers 100/0;Requests/sec: 8.82e-05; Bytes served/sec:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─ 1454 /usr/sbin/httpd -DFOREGROUND
           ├─ 9676 /usr/sbin/httpd -DFOREGROUND
           └─10031 /usr/sbin/httpd -DFOREGROUND

Apr 13 02:50:04 my.server.name httpd[1454]: AH00112: Warning: DocumentRoot [/home/admin/domains/sharedip] does not exist
Apr 13 02:50:04 my.server.name httpd[1454]: AH00112: Warning: DocumentRoot [/home/admin/domains/sharedip] does not exist
Apr 13 02:50:04 my.server.name httpd[1454]: AH00112: Warning: DocumentRoot [/home/admin/domains/sharedip] does not exist
Apr 13 02:50:04 my.server.name httpd[1454]: AH00112: Warning: DocumentRoot [/home/admin/domains/sharedip] does not exist
Apr 13 02:50:04 my.server.name systemd[1]: Started The Apache HTTP Server.
Apr 14 00:11:01 my.server.name httpd[9675]: AH00112: Warning: DocumentRoot [/home/admin/domains/sharedip] does not exist
Apr 14 00:11:01 my.server.name httpd[9675]: AH00112: Warning: DocumentRoot [/home/admin/domains/sharedip] does not exist
Apr 14 00:11:01 my.server.name httpd[9675]: AH00112: Warning: DocumentRoot [/home/admin/domains/sharedip] does not exist
Apr 14 00:11:01 my.server.name httpd[9675]: AH00112: Warning: DocumentRoot [/home/admin/domains/sharedip] does not exist
Apr 14 00:11:01 my.server.name systemd[1]: Reloaded The Apache HTTP Server.

CURL from on the server confirms apache server running on those ports

[root@svr ssh]# curl localhost:80
<html>Apache is functioning normally</html>
[root@svr ssh]# curl localhost:2222
<html>
<head>
<title>DirectAdmin Login</title>
<meta name="robots" content="noindex,nofollow">
<style>
*{ FONT-SIZE: 8.5pt; FONT-FAMILY: verdana; } b { FONT-WEIGHT: bold; } .listtitle { BACKGROUND: #425984; COLOR: #EEEEEE; white-space: nowrap; border-radius: 3px; box-shadow: 1px 1px 3px #727272; } td.list { BACKGROUND: #EEEEEE; white-space: nowrap; } input { border-radius: 3px; padding-left: 4px; padding-right: 4px; } .inset { border: 1px inset #DDDDDD; } #footer { position: fixed; bottom: 0; width: 100%; padding-bottom: 20px; text-align: center; color: #A1A1A1; } #outofsync { font-weight: bold; color: #990000; }</style>
</head>

Netstat on the server (replaced the first two numbers in my servers IP with X for security reasons)

[root@svr ssh]# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1484/mysqld         
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      2665/exim           
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      1135/dovecot        
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      1135/dovecot        
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      2665/exim           
tcp        0      0 X.X.60.245:53        0.0.0.0:*               LISTEN      2726/named          
tcp        0      0 X.X.60.243:53        0.0.0.0:*               LISTEN      2726/named          
tcp        0      0 X.X.2.221:53         0.0.0.0:*               LISTEN      2726/named          
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2726/named          
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1167/pure-ftpd      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1128/sshd           
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      2726/named          
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2665/exim           
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      1135/dovecot        
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      1135/dovecot        
tcp6       0      0 :::587                  :::*                    LISTEN      2665/exim           
tcp6       0      0 :::2222                 :::*                    LISTEN      1151/directadmin    
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd           
tcp6       0      0 :::80                   :::*                    LISTEN      1454/httpd          
tcp6       0      0 :::465                  :::*                    LISTEN      2665/exim           
tcp6       0      0 :::21                   :::*                    LISTEN      1167/pure-ftpd      
tcp6       0      0 :::22                   :::*                    LISTEN      1128/sshd           
tcp6       0      0 ::1:953                 :::*                    LISTEN      2726/named          
tcp6       0      0 :::25                   :::*                    LISTEN      2665/exim           
tcp6       0      0 :::443                  :::*                    LISTEN      1454/httpd          
udp        0      0 X.X.60.245:53        0.0.0.0:*                           2726/named          
udp        0      0 X.X.60.243:53        0.0.0.0:*                           2726/named          
udp        0      0 X.X.2.221:53         0.0.0.0:*                           2726/named          
udp        0      0 127.0.0.1:53            0.0.0.0:*                           2726/named          
udp        0      0 127.0.0.1:323           0.0.0.0:*                           762/chronyd         
udp6       0      0 ::1:323                 :::*                                762/chronyd

ifconfig on the server

[root@svr ssh]# ifconfig
enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet X.X.2.221  netmask 255.255.255.255  broadcast X.X.2.221
        inet6 X:X:2a:322::2  prefixlen 64  scopeid 0x0<global>
        inet6 X::X:eff:feee:5e6  prefixlen 64  scopeid 0x20<link>
        ether X:X:0e:ee:05:e6  txqueuelen 1000  (Ethernet)
        RX packets 1321177  bytes 307234082 (293.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 989738  bytes 132392622 (126.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16  memory 0xef000000-ef020000  

enp0s31f6:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet X.X.60.243  netmask 255.255.255.248  broadcast X.X.60.247
        ether X:X:0e:ee:05:e6  txqueuelen 1000  (Ethernet)
        device interrupt 16  memory 0xef000000-ef020000  

enp0s31f6:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet X.X.60.245  netmask 255.255.255.248  broadcast X.X.60.247
        ether X:X:0e:ee:05:e6  txqueuelen 1000  (Ethernet)
        device interrupt 16  memory 0xef000000-ef020000  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 229  bytes 22844 (22.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 229  bytes 22844 (22.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

score 0 · Accepted Answer · answered Apr 14 '20 at 02:31

Because I'm new I cannot leave a comment - sorry.

First note, I could not see httpd listening on port 80 on TCP, only TCP6. My understanding is that httpd will only answer IPV6 addresses.

Something you should verify that your firewall has appropriate ports open.

See currently allowed ports using the following command;

sudo firewall-cmd --list-all --zone=public

This is assuming your default zone is public.

Via ssh you can open ports as follows;

sudo firewall-cmd --add-port=2222/tcp --zone=public --permanent
sudo firewall-cmd --reload

Services are opened using a similar command;

sudo firewall-cmd --add-service=http --add-service=https --permanent
sudo firewall-cmd --reload

After ensuring the firewall allows the ports or services you require you should be able to connect.

You said your IP Address changed but you didn't clarify if it was you (the client) or the Server Address which changed. If it was the server make certain the DNS points to the correct address. A simple "ping youdomainname" should give you the answer to that question.

There are various online port scanners which can scan for open ports, I suggest using one to ensure that both your domain are active and the correct ports are open from the outside world.

If all of the above is correct, that is;

Ports are open
IP Addresses confirmed
httpd is listening on TCP & TCP6

Thinks should be working for you.

Perfect that fixed the problem thank you. I don't know how the firewall was set in the first place that's still a mystery. I had been setting up my firewall rules in the Hetzner Robot (my server companies) console. I thought that was the only firewall in play. The ip address that changed was my home ip from my ISP. I had the rule in the Hetzner firewall to block everyone expect me to the 2222 port. There are a crazy number of attacks out there looking for vulnerabilities. — Webtopia, Apr 14 '20 at 06:39
Glad that fixed it for you. Can you mark my answer as correct so I get some points here :) There are indeed loads of attacks daily, particularly ssh when standard ports are used. Even 2222 will get attacked as it's a common port to use. It's a sad world we live in. Anyway, glad that fixed you up. — Admiral Noisy Bottom, Apr 14 '20 at 06:46
Sorry it seems like I can't mark your answer as I'm new to serverfault. A bit odd since I have loads of posts on other StackExchange sites. — Webtopia, Apr 14 '20 at 10:45
That is weird, you asked the question so surely you can mark it as answered. — Admiral Noisy Bottom, Apr 14 '20 at 20:40

Can only connect to my apache Centos server on port 22. Can SSH but no browser. Runs DirectAdmin

1 Answers1